Authentication Layers:
Do You Believe in Free Lunches?

Authentication Layers: Do You Believe in Free Lunches?

This is the fifth blog post in the five-part series.

Part one: The Fraud Prevention Space’s Complex Optimization Problem
Part two: What You Can Gain by Partnering With a Fraud Prevention Vendor
Part three: An Overview of Fraud Management Solution Types: Pros & Cons
Part four: What You Should Consider When Evaluating a Fraud Prevention Solution

What is 3-D Secure?

In this blog post, I will discuss the pros and cons of extra verification methods, why merchants are using them, and what are the possible alternatives. But first, 3-D Secure, also known as a payer authentication, is a security protocol that purports to help prevent fraud in online credit and debit card transactions. This additional security step was initiated and created by Visa and MasterCard and it’s branded as ‘Verified by Visa’ and ‘MasterCard SecureCode’ respectively. 

3-D Secure authentication provides a way for card issuers to verify the identity of the cardholder, typically by asking them to enter a password or a secret code that only the cardholder should know. This adds an additional layer of security to the online transaction since even if the customer’s card number and card details are fraudulently obtained, it is less likely that a fraudster would also have access to the customer’s secret password. For a successfully authenticated cardholder, the risks of fraud are therefore significantly reduced.

3-D Secure comes with chargeback liability shift

To encourage merchants to use 3-D Secure, card issuers who participate in the program offer merchants a guarantee of payment for successful online transactions that have also been authenticated using 3-D Secure. This means that if a transaction was approved by 3-D Secure and later returned as a fraudulent chargeback the merchant will not be the one liable for the chargeback but the liability will shift to the issuing bank through the schemes. 

A conflict of interest 

Sounds awesome, right? Not just that 3-D Secure authentication process is designed to be effective in preventing fraud, but also, in cases where a fraudster manages to bypass the authentication mechanism, the issuing bank pays for the chargeback and the merchant is not liable. And the deal gets even better – it is free of charge!

But in the world of fraud prevention, there is always tension and a trade-off between approval and chargeback rates. The higher the approval rate is, the more borderline transactions will be approved, adding risk and leading to a higher chargeback rate. Now let’s analyze the underlying interests in the relationship between the merchant and the issuing bank when the 3-D Secure mechanism is in place. 

The merchant’s interests are clear: approve as many good customers as possible. Doing this implies taking more risk and approving some borderline transactions. The issuing bank, on the other hand, is not getting paid for conducting the fraud check and is also stuck with the liability. So its priority is to take minimize risk, even at the expense of declining good customers. This conflict is known in business as there are no free lunches.

The friction equation

Now that we understand the motives that lead to suboptimal approval rates for transactions that are redirected to 3-D Secure, we should talk about the elephant in the room: the friction. 

In a complicated consumer environment, merchants are already doing whatever is possible to reduce friction to a minimum. For example, think about the revolutionary 1-Click-Ordering by Amazon. The easier, the faster, and the more frictionless a process is, the higher the chance the customer will go through with a transaction. 

3-D Secure is not a sophisticated fraud prevention mechanism – it is just a friction intensive method that challenges the customer in the end.  

The drop-off problem

  1. 3-D Secure is counter productive in many countries

In many countries, such as the US, Spain, and France, 3-D Secure has never been fully embraced by mainstream customers. Meaning, when customers see the 3-D Secure popup screen, they often will not bother trying to enter the code. Many simply close the window and abandon the cart, perhaps to make the purchase elsewhere. 

  1. The customers can’t authenticate themselves 

Sometimes, customers simply can’t authenticate themselves. Here are two common examples:  

  • Being abroad with a local sim card: One of the authentication methods that 3-D Secure uses is a one-time PIN that is sent to a customer’s mobile number appearing in the issuing bank’s records. But if a person is traveling and bought a local sim card, it means you might not be able to get the text message and authenticate yourself. 
  • Being on a flight:  As more and more flights offer wifi services, in-flight purchases have continued to grow. However, without cellular reception, the 3-D Secure mechanism will prevent a flyer from finishing a purchase. 

The paradox here is that many times merchants will use 3-D Secure only for the transactions they will define as risky. Geo mismatches, for example, increase the riskiness of the transaction. It means that the only times those customers will be defined by the fraud system as risky will be while they are traveling. And although they are not risky purchasers at all, 3-D Secure will keep them from finishing the purchase. 

  1. The customer is simply not willing to deal with friction

In an eCommerce atmosphere, where nearly every product is sold by multiple merchants, many customers just seek out the best purchasing experience and are not tolerant of friction. Once faced with 3-D Secure, many will just go and purchase what they want elsewhere. 

To summarize, 3-D Secure suffers from three main drawbacks: 

  • Suboptimal approval rates that lead to declining good customers.
  • High drop-off rate: Due to friction many customers will drop-off and not finish their purchase. 
  • Bad customer experience: Many good customers that are falsely declined or face high friction during the purchase process become former customers.

So, what is the best alternative for 3-D Secure? 

If you are using friction to protect yourself from chargebacks on the transactions that you deem risky and don’t want liability for, you should explore the option of sending those orders to a Chargeback Guarantee solution. 

A chargeback guarantee solution will be incentivized to approve as many orders as possible, since it makes revenue only for approved orders while also offering the protection of the chargeback liability. Since we are focusing on a risky segment of transactions, usually the chargeback guarantee solution fee would not be low and therefore, in order to determine whether this is a cost effective solution for you, you should seek out a proposal and run your ROI analysis.

 Having gone through this process with hundreds of merchants who were using 3-D Secure, we found that, overwhelmingly, they turned it off and now send those transactions to a chargeback guarantee solution. Ultimately, if you are operating in a low margin vertical, there is a very good chance that the ROI for switching solutions will be positive and, moreover, you’ll be able to provide customers with much better experiences and enjoy an increase in lifetime value.

We hope this was insightful and please remember – there is no such thing as a free lunch!