Galit Michel, VP of Payments at Forter, writes for PaymentExpert on 3DS and the impact it has on the payment journey. 

When asking merchants about 3DS, we often get conflicted responses. On the one hand, 3DS causes friction, reduces conversion, and negatively impacts the customer experience. On the other, 3DS shifts chargeback liability back to the issuer, absolving merchants of chargeback risk. European merchants must also use 3DS due to the Revised Payment Services Directive (PSD2) regulation.

Therefore, is 3DS a friend or foe?

When used strategically, 3DS can become a business enabler, helping merchants lower risk, shift liability, meet regulatory requirements, and increase authorisation and conversions, all while creating the best possible experience for their customers.

This is due to merchants today having the ability to use payment optimisation partners that offer dynamic 3DS checkout options, which reduce risk and liability while increasing conversions.

The trick in properly leveraging 3DS is knowing when, and how, to use it in the right way. This article outlines exactly how to do this.

The Regulatory Landscape is Changing

Merchants operating within the European Union (E.U.) and European Economic Zone (EEZ) are legally required to perform SCA on transactions to comply with PSD2, and as a result, rely on 3DS heavily.

However, many multinational companies that operate worldwide, are voluntarily complying with the regulation and enjoying the liability shift that 3DS provides, whilst at the same time enhancing the checkout experience for consumers.

Many merchants also recognise that the shift in European payment regulations may be extended to other countries, and so preparing now will save them time later. For example, the General Data Protection Regulation (GDPR) went into effect throughout Europe in 2018 and inspired the implementation of data privacy laws throughout the U.S. soon after.

Today, the U.S. has a conservative approach to 3DS, however, the rollout of 3DS2 and the expected rollout of 3DS2.2 will likely change this. Policymakers may recognise the value of SCA and the advancements of 3DS. As a result, merchants outside the E.U. will have to adapt their payment ecosystem to offer a more secure authentication method for their consumers.

When this happens, merchants who have already adapted their infrastructure and incorporated 3DS into their checkout process will find adapting to regulatory changes a smoother process. However, there are other benefits to using 3DS beyond regulation.

Improving Liability, Increasing Trust, and Uplifting Authorisation

The most advantageous thing for merchants is the fact that 3DS shifts liability back to issuers. This means that in the event of fraudulent transactions, merchants will not find themselves out-of-pocket (and out of goods).

While the liability shift is a key benefit for merchants, 3DS also enables merchants to increase the trust level of the consumer, uplifting authorisation and increasing revenue generation.

As digitalisation and globalisation boosted eCommerce and made it one of the fastest-growing sectors worldwide, this created an opening for sophisticated fraudsters, putting merchants at risk. While 3DS is not a fraud prevention solution, it can be used to provide additional authentication, should a merchant’s fraud partner not be able to guarantee if a transaction is legitimate. By performing 3DS on a questionable transaction, the merchant can validate the consumer before sending the transaction to the bank, increasing the likelihood of the bank approving the transaction.

A merchant who has a payment optimisation partner and 3DS incorporated into their checkout process can leverage this to their advantage. Instead of leaving this responsibility to the bank who may decline the transaction due to their own risk management strategy, merchants can route trusted customers through a dynamic 3DS path that will validate the transaction’s legitimacy.

To reduce their risk exposure and keep their overall fraud ratio low, many banks and Payment Service Providers (PSPs) have increased their security measures and authorisation filters. What this does is increases the risk of legitimate transactions being falsely declined. For merchants, this reduces their ability to generate revenue, and while additional security measures can help PSPs better manage their risk, a high level of false declines may lead merchants to switch providers, leading to financial and reputational losses.

If a merchant applies 3DS to transactions before the bank has a chance to decline them, there is a higher chance of the issuers trusting the transaction, and as a result, authorising it.

Not a one-size-fits-all protocol

While 3DS can help merchants reduce liability and risk, increase authorisation and meet regulation, it is not a one-size-fits-all solution.

On average, 3DS has a failure rate of 30% in Europe and 50% in the U.S. If a merchant blindly applies 3DS to all transactions, this will reduce their conversions resulting in lower revenue and profit. However, if using smart 3DS and creating a frictionless checkout experience, the transaction success rate increases.

If a merchant is using 3DS on all transactions, they will enjoy the liability shift, and if needed, be PSD2 compliant, however, they will also suffer from the familiar downfalls of 3DS. This includes increased abandonment due to friction, increased 3DS failure rates and increased technical errors due to the multiple authentication and authorisation steps that 3DS requires. This will lower overall conversions, harming revenue generation and profitability.

To enjoy reduced risk and liability without sacrificing conversion, it is important to know when 3DS will improve the chances of a transaction being approved, and when non-3DS transactions are preferred by the payment ecosystem. Unfortunately for merchants, this is one of the most challenging things to do and can only be done with advanced payment optimisation and smart 3DS solutions.

By adapting the 3DS process and routing consumers to the checkout path of least friction based on their risk level and behavior, merchants can provide trusted customers with a frictionless and secure checkout experience while minimizing risk, increasing conversion, and enhancing the customer experience.

A friend, but not a fraud protection solution

While using 3DS to authenticate transactions has significant benefits for merchants, fraud protection is not one of them.

Merchants that think they should still use 3DS on all transactions because it will protect their business from fraud need to realise that consumers can still chargeback transactions for which 3DS has been successfully completed. When this happens, banks can report chargebacks as service chargebacks, shifting liability and losses to the merchant. All chargebacks on 3DS transactions are also counted towards the card scheme fraud-to-sale programs, regardless of who the chargeback liability falls on.

This places the merchant at risk of incurring fines. If a merchant has increased fraud traffic, this may result in lower authentication rates due to their poor standing with the banks and even lead to them being off-boarded from certain institutions.

Friend or foe?

The utilisation of 3DS by merchants as a force for good is clear; liability is instead shifted to issuers, protecting the merchant’s business in the event a transaction is fraudulent. It also enables retailers to increase authorisation rates. In that sense, 3DS is a trusted friend to a merchant’s business.

However, it should not be used as a full-time fraud prevention solution; it is in merchants’ best interest to find a fraud prevention solution that can create a frictionless experience, and tracks the entire customer journey. Account takeover and policy abuse cost merchants billions each year, and the most sophisticated of fraudsters can find ways to circumnavigate 3DS challenges, making it appear as if the transaction is legitimate.

Therefore, merchants ideally need to find a partner that can apply 3DS in a smart way, in instances where there is a high chance for the transaction to be successful (meaning users will successfully complete the transaction through 3DS and the bank will authorise the transaction), but recognise where non-3DS transactions will guarantee increased conversions (and downstream, revenue and profit), and enhance the customer experience. Only by doing this will merchants determine whether 3DS is their best friend or worst enemy in enabling true business growth.