
3D Secure Payment Gateway

Definition

3D Secure is a risk-based authentication protocol used for card-not-present payments, such as online transactions. A 3D Secure payment gateway incorporates this technology and initiates the authentication process for high-risk transactions, ensuring the purchase is legitimate.


There are different versions depending on the card issuer, such as VISA Secure or Mastercard Identity Check, and each assesses transaction risk using slightly different rules. Thorough customer authentication is crucial for reducing fraud and chargeback rates, but it comes with trade-offs, such as the risk of declined payments.

What Is 3D Secure Authentication (3DS)?

3D Secure is an authentication step between the issuing bank and the cardholder that is triggered during checkout, typically by the payment gateway.

Authentication means that the payment security protocol determines whether a transaction is legitimate. If 3D Secure authentication is successful, the transaction is authorized and sent to the payment processor.

A benefit of 3D Secure is delegated authentication, which transfers the risk of fraud to the card-issuing bank rather than the acquiring bank. This reduces the risk of chargebacks for online merchant accounts, as it is the card issuer's responsibility to conduct a risk assessment.

How 3D Secure Authentication Works

Card Issuer

The cardholder's issuing bank will make an authentication decision based on whether the transaction is high- or low-risk. A low-risk transaction can use frictionless authentication, while a high-risk one will require a challenge, such as 3D Secure.

Different issuers have different risk appetites, and the authentication decision can also be based on customer signals. Monthly electronic payments may not require authentication because they are part of the customer's typical banking behavior, while a large online shopping expenditure may need an extra layer of security.

Access Control Server

The ACS runs issuer-side authentication, providing challenges to the shopper. This could be multi-factor authentication, such as sending an SMS message, or biometric verification, such as a thumbprint.

Directory Server

This is the interoperability domain that routes authentication requests between the parties. After a successful authentication on the issuer side, the server will provide this information to the merchant's payment gateway as part of the transaction data.

3DS Authentication vs Authorization

3D Secure is an additional security layer that is applied before payment processing is completed. The issuer domain verifies the shopper's identity using methods such as two-factor or biometric authentication rather than a static password. If these are successful, then the issuing bank approves the payment account, which is called authorization.

Understanding both authentication and authorization is crucial to ensuring a successful payment. Low-quality authentication methods can increase fraud risk, while overly strict authentication, like only allowing biometric data verification, can lead to false declines for legitimate transactions.

3DS1 vs 3DS2

There are different levels of 3D Secure used to safeguard online transactions with varying levels of friction and data use. Understanding the key differences between them can impact online purchase approvals, conversion rates, and fraud exposure.

3DS1 has higher friction, with more redirects and challenges. It may require two-factor authentication even for routine online payments. While 3DS1 can prevent fraud, it can also slow approval times and reduce conversion rates.

3DS2/EMV 3DS has richer data sharing and is designed for mobile devices, making it easier to make contactless payments or card-not-present (CNP) transactions. It uses data points such as transaction history and location to assess risk. While this ensures frictionless payment flows and improves conversions, it can also enable fraud for low-value transactions that add up over time.

Friction vs Conversion: The Tradeoff You Have to Manage

3DS1 challenges mitigate fraud, but they may also increase cart abandonment. Those shopping online may not have their phone on hand, or they may not want to check multiple accounts to get a verification code.

3DS2 is considered "frictionless" because it assesses potential risk based on account history, location, and other details that don't require the customer to input codes. This may improve conversion rates while still protecting merchants from fraud.

Every part of the transaction ecosystem must balance risk with user experience and use the correct authentication tool for the specific transaction.

Using 3DS for Fraud Prevention in High-Risk Digital Payments

The 3D Secure authentication process can be used for any transaction, but it is especially important for these situations:

  • High AOV or High-Ticket Carts: If your average order value is high, such as selling firearms or fine art, 3D Secure is an essential security measure. It can also be triggered for large purchase volume on an as-needed basis.
  • First-Time Customers: New purchases may be fraudulent, requiring extra scrutiny.
  • Cross-Border Orders: If a customer is ordering from outside of their home country, or you receive orders from outside of your typical order range, 3D Secure can ensure this isn't fraud.
  • Velocity Spikes: Unprocessed transactions with multiple attempts or rapid retries may be fraudulent.
  • Shipping/Billing Mismatch: The Address Verification System (AVS) is meant to ensure that a billing and shipping address match. However, legitimate buyers may want to ship a product to a friend or to a temporary address. 3D Secure helps sort between legitimate purchases and fraud.
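The five signals above can be combined into a merchant-side pre-check that decides whether an order should be stepped up. This is an added example, not Adaptiv Payments' code; the `Order` fields, `StepUpPolicy`, the signal names and every threshold are assumptions made for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# Thresholds are illustrative assumptions, not values from the page.
HIGH_TICKET_MINOR = 50_000      # 500.00 in minor units counts as high-ticket
VELOCITY_WINDOW_S = 600         # look-back window for repeated attempts
VELOCITY_MAX_ATTEMPTS = 3       # attempts tolerated per card inside the window

@dataclass
class Order:                    # hypothetical shape of a checkout attempt
    card_token: str             # gateway token, never the raw card number
    amount_minor: int
    first_time_customer: bool
    card_country: str
    ship_country: str
    billing_addr: str
    shipping_addr: str
    ts: float                   # epoch seconds

def norm_addr(addr: str) -> str:
    """Ignore case and spacing so cosmetic differences are not a mismatch."""
    return " ".join(addr.lower().split())

class StepUpPolicy:
    def __init__(self) -> None:
        self._attempts = defaultdict(deque)   # card_token -> recent timestamps

    def evaluate(self, order: Order) -> list[str]:
        """Record the attempt and return the signals that fired ([] = frictionless)."""
        recent = self._attempts[order.card_token]
        recent.append(order.ts)
        while order.ts - recent[0] > VELOCITY_WINDOW_S:
            recent.popleft()                  # drop attempts outside the window
        fired = []
        if order.amount_minor >= HIGH_TICKET_MINOR:
            fired.append("high_ticket")
        if order.first_time_customer:
            fired.append("first_time_customer")
        if order.card_country != order.ship_country:
            fired.append("cross_border")
        if len(recent) > VELOCITY_MAX_ATTEMPTS:
            fired.append("velocity_spike")
        if norm_addr(order.billing_addr) != norm_addr(order.shipping_addr):
            fired.append("address_mismatch")
        return fired

def demo() -> list[list[str]]:
    """Constructed sample: four rapid retries of one returning-customer order."""
    policy = StepUpPolicy()
    base = dict(card_token="tok_demo", amount_minor=4_200, first_time_customer=False,
                card_country="US", ship_country="US",
                billing_addr="1 Main St", shipping_addr="1  main st")
    return [policy.evaluate(Order(ts=1000.0 + 30 * i, **base)) for i in range(4)]
```

Returning the list of fired signals rather than a bare yes/no lets the same values feed the challenge-rate and step-up reporting a gateway is expected to provide.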

How 3DS Affects Fraudulent Transactions, Chargebacks, and Customer Trust

3D Secure can reduce certain fraud patterns, like unauthorized purchases using stolen card numbers. By verifying transaction legitimacy, 3DS improves customer trust.

However, 3DS cannot entirely eliminate chargebacks, as these can happen for non-fraud-related reasons. Refund disputes, shipping delays, cancelled subscriptions, and product dissatisfaction can all result in chargebacks.

3DS is only a layer of a larger risk stack. By using 3DS alongside other fraud protection measures and providing high-quality customer service, you can reduce chargebacks and maintain strong banking relationships.

What to Look for in a 3D Secure-Ready Gateway

A quality high-risk payment gateway should provide full support for 3D Secure alongside other security measures. Look for these factors when choosing your vendor:

  • 3DS2 Support: Many security infrastructure frameworks are moving toward 3DS2 because it provides frictionless authentication. Ensure that your provider can help you implement 3DS2, not just 3DS1.
  • Risk-Based Routing: This step-up capability means that only certain transactions with heightened risk have higher friction, such as 3DS1 authentication measures.
  • Reporting: A quality gateway will provide reports like challenge rates, authentication rates, and exemption or step-up outcomes.
  • User Experience Support: Mobile-friendly challenges allow for seamless mobile purchases, while fallback handling ensures authorizations even for challenging cases.
  • Troubleshooting: The gateway should offer support for authentication retries and issuer troubleshooting to provide a seamless experience for buyers.

FAQs

Yes, Verified by Visa is a branded version of 3D Secure that uses the same authentication tools.

Fraud Protection Beyond 3DS

3D Secure is a critical aspect of payment security, but it must be combined with other measures to create a robust payment infrastructure. Tailored risk assessment rules, real-time transaction monitoring, and fraud protection tools are all critical aspects of ensuring seamless and safe transactions.

Adaptiv Payments provides customized merchant accounts for high-risk industries that incorporate 3D Secure with other risk mitigation measures, such as advanced dispute prevention tools.

While many traditional banks refuse to work with high-risk industries, our industry experts use underwriting to assess your business model and then develop a personalized account that meets your company's needs. We offer easy integration with most ecommerce platforms, global payment processing in multiple currencies, and comprehensive onboarding support so that you can get funded faster.

See why thousands of businesses trust Adaptiv Payments to protect their reputations and transactions. Contact us to learn more about our comprehensive payment solutions.


About the Author


Luke Deviney

Tech Lead at Adaptiv Payments

Bridging continents and currencies, Luke Deviney has spent years mastering the intricacies of international payment processing. His expertise allows businesses to expand their reach, seamlessly navigating cross-border transactions, currency conversions, and diverse regulatory landscapes. Luke empowers global growth with secure, efficient, and cost-effective payment solutions.

Reviewed by Max Brasseaux, Account Executive at Adaptiv Payments