September is coming, and when it arrives, e-commerce merchants need to make sure they have enabled 3D Secure. Come September 14th, the European Union is rolling out “Strong Customer Authentication” (SCA) requirements across the European Economic Area.
Up until September 14th, most European customers will be able to complete a transaction simply by filling in their credit card number and PIN. However, once SCA is rolled out, extra levels of authentication will be required. Customers will have to go through two-factor authentication, providing two of the below:
Adyen illustrates two-factor login.
3-D Secure has been growing in popularity over the last few years. Still, it’s largely been optional. However, with the European Union rolling out SCA under the Payment Services Directive, it’s going to become all but necessary for any e-commerce company that serves Europe.
Why Is the European Union Necessitating 3-D Secure?
E-commerce is booming in the European Union. 451 Research projects digital commerce sales to enjoy a 17 percent CAGR through 2022 in the region. With more money changing hands, the risks of fraud and theft will only increase.
In order to reduce fraud, protect customers, and make payments more secure, the EU is rolling out Strong Customer Authentication. While SCA will make the checkout process more cumbersome, it should reduce fraud and make online shopping safer.
The EU is rolling out increased fraud protections for consumers.
There are some situations in which a purchase may not be subject to the SCA’s two-factor requirements:
Low-value transactions: if the transaction is less than $30, it is exempt. However, if the card is used 5 times or total charges top $100, authentication is required.
Recurring transactions: subscriptions and other recurring transactions are exempt after the initial verification.
Trusted beneficiaries: consumers can choose to whitelist companies through their bank.
MOTO: mail orders and telephone orders are exempt.
Inter-regional: if either the issuer or acquirer of the card is outside of Europe, the transaction is exempt.
Still, the SCA will require merchants to take additional steps to verify the customer’s identity. Unfortunately, just 25 percent of businesses are aware that they need to meet SCA requirements. The most straightforward way to meet them is to use the 3-D Secure protocol.
How 3D Secure Works
3D Secure, or 3 Domain structure, is a security protocol that has been set up to combat fraudulent online transactions. 46 percent of Americans report having suffered from credit card fraud within the past five years, and globally, fraudulent charges topped $24 billion in 2016. 3D Secure aims to combat such fraud.
Visa illustrates how 3D Secure works.
The 3D Secure 1.0 system uses a three-part process to verify the customer’s payment. The interoperability domain (such as a payment system), the card company (e.g. Visa), and the acquiring bank will all verify the transaction. From the user’s perspective, the payment process remains
First, the customer enters their debit or credit card information into the payment form. Once they submit the payment, the issuing bank will verify the payment. Sometimes this process is automated; other times the user will have to provide additional information, such as a PIN.
The 3-D Secure process illustrated.
Now, 3D Secure is being updated, and the SCA will necessitate some changes. Let’s take a look.
3D Secure 2.0 is Introducing More Changes
The 3DS system continues to evolve and 3D Secure 1.0 is being phased out in favor of 3D Secure 2.0. Like the original authentication system, 3D Secure 2.0 will involve data sharing and authentication between the connected merchants, payment networks, and financial institutions.
However, 3D Secure 2.0 will allow for better data sharing and analysis. Security experts believe that this will make it easier to sniff out and deny fraudulent transactions. In order to meet EU requirements, 3D Secure 2.0 will also support two-factor identification. This could include biometric scanning and other advanced but convenient verification methods.
Further, 3DS 2.0 has been retooled to better handle mobile payments. The original 3DS system was actually launched before smartphones were even a thing. As a result, 3DS 1.0 sometimes struggled with mobile payments. Given how much e-commerce activity occurs through mobile devices, it’s vital to offer a secure but convenient mobile checkout process.
Benefits of 3D Secure
Still not looking forward to dealing with the hassle of setting up 3D Secure? First, as I already pointed out, you all but have to set up 3D Secure by September 14th. If you don’t, you’ll either have to stop doing business in the EEA or risk fines. However, you shouldn’t even look at enabling 3D Secure as a bad thing.
Yes, it’ll take a bit of work, but the payoff should outweigh the time and resources spent. Let’s look at a few of the benefits of enabling 3D Secure.
Keep 3D Secure’s Liability Shift in Mind
Unfortunately, e-commerce stores and other online retailers can be held accountable for fraudulent charges. However, if you have enabled 3DS authentication, you may not be liable for certain fraudulent charges. This is because liability shifts to the card issuer.
In order for liability to be shifted, the attempted charge must have been authenticated or there must have been an attempted authentication. Various rules and conditions apply. For example, recurring charges are not eligible for liability shift.
3D Secure May Result in Increased Sales
Online shoppers are rightfully wary when it comes to handing over credit card numbers and other bits of sensitive data. As I already pointed out, fraudulent charges are common. As such, many consumers try to avoid using their credit cards.
In fact, 85 percent of shoppers will avoid making a purchase if the website appears to be unsecured. You need to use HTTPS and the appropriate padlock symbol. At PayKickstart, we’ve also found that adding security badges in the shopping cart can reduce abandonment rates.
Conclusion: If You Serve Europe, You Need to Enable 3-D Secure
3-D Secure will likely be the easiest solution for meeting Europe’s SCA requirements. So if you’re serving European customers, you need to get your business prepared to enable 3D Secure. Fortunately, with PayKickstart, that’s easy.
Even if you don’t serve Europe, 3-D Secure is a great way to guard against fraud. However, by requiring additional steps, you could lower your conversion rate. So keep that in mind.