Nearly everyone in the payments industry has heard of 3-D Secure, but understanding what the term actually means is another matter. In the most basic sense, 3-D Secure is an online security protocol created by the different card networks to improve the level of security in card-not-present (CNP) transactions.
To better flesh out what 3-D Secure is and why it’s being adopted across the payments landscape, PaymentsJournal Editor-in-Chief Ryan McEndarfer spoke with Kevin Doerr, Chief Product Officer at Marqeta.
“It’s a mechanism for the parties to be able to exchange information”
3-D Secure refers to a set of protocols first rolled out in 1999 to better safeguard e-commerce transactions. Part of what can confuse people is that the protocols have since been branded with many different names, including 3D Secure, Mastercard SecureCode, Verified by Visa, and 3DS, among other variations.
No matter what branding one wants to use while referring to the protocols, the underlying utility of 3-D Secure is the same. “Very simply put, it’s a mechanism for the parties to be able to exchange information between the point of transaction, the card issuer, and the network itself,” explained Doerr.
By exchanging the information in a uniform way, the protocols enable participants to better determine the authenticity of an e-commerce transaction.
Securing e-commerce transactions is more important than ever
The need for better security in e-commerce transactions has grown in recent years. Ever since merchants across the United States began widely adopting EMV technology at point-of-sale (POS) terminals, committing card fraud in person became more difficult.
In response, criminals began migrating their fraudulent behavior to the online world, where it was more difficult to detect illegal behavior. In a very short amount of time, online fraud proliferated. By 2017, CPN transactions represented 59% of all fraud, despite making up only 22% of purchase volume, according to The Federal Reserve. Then the COVID-19 pandemic hit and e-commerce sales spiked, further accelerating these fraud trends.
In such an environment, it’s more important than ever for merchants and payment companies to be able to authenticate e-commerce transactions. Swiftly exchanging the relevant information between the parties involved in a transaction—as 3-D Secure does—helps limit fraudulent activity. It gives you a higher percentage of certainty that a transaction is authentic, explained Doerr.
Balancing friction and security
While 3-D secure has helped address e-commerce fraud, many merchants have been hesitant to embrace the protocols. The major complaint is that 3-D Secure introduces too much friction into the transaction process without giving merchants the ability to reduce friction when needed.
Too much friction is problematic because it can deter legitimate customers from completing a transaction, especially when customers are falsely declined. One study found that 44% of falsely declined consumers either stopped or reduced shopping with that retailer.
Since 3-D Secure requires the cardholder, the card issuer, and the merchant to all participate in payment authentication, it adds an extra step to the transaction that may frustrate some consumers. For example, it’s not uncommon for a consumer to be presented with a pop-up window requiring further authentication. This dynamic has limited how widely 3-D Secure protocols have been adopted.
3-D Secure 2.0 gives control back to the merchants
In response to these complaints from merchants, Marqeta decided to create its own version of the protocols: 3-D Secure 2.0.
Doerr explained how Marqeta’s merchant customers “wanted more control and wanted more governance over what was happening in a transaction” to be able to mitigate the potential friction on the consumer side.
With Marqeta’s version, merchants can decide to issue challenges based on their own risk-tolerance levels. If a merchant would rather not issue challenges with certain types of transactions, for example, they are free to do so, unlike with the traditional 3-D Secure protocols.
“We’re giving the control back to our customers to be able to determine when and where and how much risk they want to take,” concluded Doerr.
