3D Secure: Fraud Prevention Mechanism or Point of Friction?

3D Secure was designed as a way to reduce online card fraud. Initially designed for Visa US, known as Verified by Visa (VBV), it soon proved useful for fraud prevention during card not present (CNP) transactions.

It didn’t take long for the other major card brands to adopt a similar security protocol, with MasterCard launching SecureCode (MSC), American Express rolling out SafeKey in 2010 and JCB frictionInternational verifying cards through J/Secure. For shoppers, this means creating a password for their debit or credit cards – almost like an online PIN code – which they use whenever they encounter a 3D Secure authentication gateway.

3D Secure is a reference to the three parties involved in the payment authentication:

  • The merchant’s website;
  • The acquiring bank (merchants account or payment processing company, when linked to a merchant account);
  • The card issuer (VBV, MSC, AMEX SafeKey or J/Secure), depending on the card used.

For merchants there are extra costs, though the use of merchant plug-in (MPI) servers, which are often included in the services offered by payment processing companies.

Extra costs come with additional protections, namely a liability shift, should a secure payment prove to be fraudulent. In a case such as this, the 3D system will have failed the merchant, which is why card issuers usually issue a refund. Some merchant banks have additional clauses when it comes to the liability shift, so double check this before signing any contracts.

3D Secure: Impact on Basket Conversions

In some markets, 3D Secure has a net positive effect on basket conversions. In the UK, India and Russia, customers feel safer when they encounter a 3D Secure gateway. Therefore, they are more to complete a payment. Merchants in the UK see an average 3% increase in conversions when we factor in the total increase compared to those that abandon a cart.

3D Secure increases conversions 8% when customers pay with a Visa debit in the UK, whereas Visa business credit cards saw a 7% reduction in completing transactions. The difference in volume makes the UK a net beneficiary of this more secure payment gateway.

One explanation for business customers abandoning carts is the frequency of use when it comes to business debit cards. More often than not, cards are used for travel expenses and one-off purchases. Invoices and other forms of online payments, or credit cards, are more commonplace amongst business owners. Going through the hassle of finding or resetting a secure password is enough of a reason to abandon a purchase.

Asking a customer to reset a password can take around three to five minutes, which for many is enough of a reason to give up and shop elsewhere. There are other reasons customer give up, too. 3D Secure is generally a fairly poor experience on mobile devices. Those making smaller or repeat purchases also view 3D Secure gateways as friction points, encouraging many to give up.

3D Secure is more common across hundreds of markets, but reviews are still mixed and not altogether positive. One merchant in 2014 compared it to a chocolate fireguard.

3D Secure And My Business?

Extra protection, in the form of a liability shift, is worth the additional expense and potential trouble. But this comes with a few customer and market-centric caveats.

Firstly, consider the average basket size. Do these warrant an extra layer of security, or would this prevent your customers completing a purchase?

Secondly, think about how your customers prefer to shop: mobile or laptop/desktop? If more of your business is coming through mobile, you would need to ensure the website and payment gateway is optimised to ensure the user experience is seamless and smooth.

Although m-commerce continues to increase at a pace in developed countries, the developing world – especially China, South East Asia, Latin America – and Japan where the smartphone reigns supreme in shopping. Customers in these markets want a hassle-free integration with social networks, particularly WeChat, Baidu, WhatsApp and QQ.

For those merchants looking for international expansion 3D Secure could be a friction point in certain markets. However, the decision to use this technology or not must also be weighed up against the prevalence of fraud in those regions too.  The EU’s Guidelines on the Security of Internet Payments advocates using a two-step verification method and therefore 3D Secure and region equivalents are likely to become more widely accepted as these guidelines become law.

As a security and fraud prevention mechanism, 3D Secure is worth the investment. For customers in certain countries it provides a reassuring level of security whereas in others it can increase abandoned carts, a localised approach is recommended.

However, friction points exist on mobile devices and therefore we recommend that 3D Secure is implemented advisedly, optimising your mobile payment gateway according to the size of the transaction and the customer’s location, and turning on or off 3D Secure to reduce friction points for low value, low risk purchases.

For more on taking mobile payments click here.