The first iteration of 3D Secure was hailed as a online fraud game-changer, but its effectiveness came at the cost of consumer convenience — and, ultimately, conversion. In the Digital Fraud Tracker, American Express’ JJ Kieley explains how the overhauled 3D Secure 2.0 system will curb fraud without the risk to merchant conversion.
Credit card fraud is endemic in the United States and abroad, and banks and providers have worked tirelessly for decades to minimize its impacts. The rise of eCommerce has only made this task trickier, as bad actors can now spoof thousands of credit cards at once and use them almost instantaneously.
The credit card industry thought it had a good handle on the problem with the introduction of 3D Secure in 1999. The protocol was leveraged by many card providers under various names: Visa Secure, Mastercard SecureCode and American Express SafeKey, among others. This system was effective at preventing fraud, but it inadvertently created issues with customer seamlessness, according to JJ Kieley, vice president of payment products at American Express.
“The key thing that they were focusing on was an interoperable system, so that merchants and card issuers could use a standard protocol of sorts,” Kieley said in a recent interview with PYMNTS. “What it focused on was authenticating a customer at checkout. Merchants would send information to the issuer through 3D Secure, and through that authentication, they can see whether or not there is a fraudster trying to use a compromised card or if it’s actually the card member.”
This authentication process was extremely time-consuming, leading to the development of 3D Secure 2.0 in 2016. Kieley offered PYMNTS an inside look into the drawbacks of the first iteration, what led issuers to reconsider their approaches and how 3D Secure 2.0 improves on the original version.
The Drawbacks of 3D Secure
The original 3D Secure had a number of deficiencies, especially when it came to customer and merchant satisfaction. The authentication system was obtrusive and slow to process, and it also required additional active input from the customer to make transactions go through.
“You click a button saying ‘checkout,’ and then the merchant sends the transaction information to the issuer of that card,” Kieley explained. “Then the issuer will decide whether or not we need to send some type of notification to the card user using the information we have with the card number, and then the customer will get a pop-up that’ll say, ‘American Express is trying to authenticate your transaction. Please enter the code that we just sent to your phone or email.’”
Customers on eCommerce websites were frequently annoyed with the obtrusiveness of this extra step, often abandoning transactions entirely rather than checking their email inboxes or phones for the extra codes. This, in turn, irritated merchants because they were losing otherwise surefire sales.
“Merchants knew it was an effective tool in preventing fraud, but they had to make the decision of whether to protect [themselves] against fraud or create friction that could lead to abandonment of transactions,” he said. “It really wasn’t a great experience.”
Card issuers took these complaints to heart when developing the new iteration of their authentication system, 3D Secure 2.0, which aims to improve customer experiences without compromising fraud detection.
How 3D Secure 2.0 Improves Upon the Old
Making customers’ and merchants’ experiences more streamlined and convenient was a top priority when developing 3D Secure 2.0, Kieley explained. Instead of requiring an extra authentication step on the user’s side, the new system leverages more data points to make a fraud determination behind the scenes.
“The reception on the consumer side has been very positive,” Kieley said. “They thought that because of regulation, they [were] going to have to go through an authentication process like they experienced with 3D Secure 1.0, but now they’re getting a much better experience on it.”
The new system’s other major improvement is its flexibility. 3D Secure’s first iteration only worked on web browsers, meaning that smartphone shoppers needed to navigate a small, unoptimized authentication screen on their phones’ internet apps. Now, the system can be implemented natively on eCommerce apps.
“The other benefit is that the experience that the customer goes through got a big step up,” Kieley said. “3D Secure 1.0 only supported browser-based payments and browser-based pop-ups, so [it] really wasn’t a great experience. [3D Secure] 2.0 supports both browser and native apps, which means lower friction and a better experience.”
Fraud will continue to be a concern for card-based payments, especially as eCommerce usage grows during the pandemic. But with 3D Secure 2.0, card issuers, merchants and consumers can all access a more secure shopping experience with minimal amount of friction.