This month, issuing banks around the world will begin supporting 3D Secure2.0. The original version of the technology saw spotty adoption—especially in the U.S.—because, despite shifting the liability for e-commerce fraud loss to credit card issuers, merchants feared the friction caused during checkout would cause shopping cart abandonment to skyrocket.
The evolution of 3DS, spearheaded by EMVco, hopes to allay those fears by using a more risk-based approach requiring fewer users to authenticate themselves with a password. New research from antifraud technology provider Ravelin, however, raises questions about whether the enhanced technology will improve payment authentication.
Under the original 3DS, nearly one quarter of global payments are lost when authenticated, according to data from Ravelin. Authentication took an average of 37 seconds according to Ravelin’s analysis of millions of global business transactions. In addition, the vast majority of payments (91 percent) cause friction because the authentication took more than five seconds. Even in cases where online merchants had improved user experience, 19 percent of payments were still lost.
While risk analysis should improve these conditions under 3DS 2.0, Ravelin found that even forward-thinking banks that have already implemented one-time password and app-based verification still lost 19 percent of transactions through 3DS.
Ravelin head of product, Mark Barlow said “It’s clear that improved 3DS 2 user experience alone is not enough to maximize acceptance. The huge differences between banks highlights that merchants will need to get smart about how they manage low-risk exemptions to the [two-factor] Strong Customer Authentication requirements.”