
Q+A: eCommerce and EMV 3DS

eCommerce and mobile sales are growing rapidly and account for nearly 20% of consumer spending in the United States. Securing eCommerce and mobile payment transactions is critical for protecting merchants and consumers. EMV® 3-D Secure, or 3DS, is an authentication specification developed by EMVCo to minimize user friction and minimize risk in eCommerce and mCommerce environments.

ETA will be hosting a webinar on July 17th which will explore the latest iteration of the EMV 3DS Secure Protocol and Core Functions Specifications. This webinar will feature insightful perspectives from the industry leaders at the forefront of developing and implementing EMV 3DS. Speakers include:

  • Sam Pfanstiel, ControlScan (Moderator)
  • Kevin Crockett, CardinalCommerce
  • Steve Klebe, Google
  • Tabitha Odom, EMVCo

In advance of the webinar, Transaction Trends sat down with three of the webinar’s presenters to get their insights on payments security standards and innovation.

Read the interview below, and be sure to register for the webinar by clicking here to get the full picture. The webinar is free for ETA members and $99 for non-members.

Transaction Trends (TT): How can payments companies balance friction and risk in eCommerce settings?

Sam Pfanstiel (SP): The payments industry has long been focused on improving security and reducing fraud risk, but has been slow to address customer experience, addressing issues such as reducing cart abandonment and advances in frictionless payments. The EMV® 3-D Secure (3DS) 2.1.0 standard provides more flexibility and extensibility for e-commerce providers to integrate cardholder verification directly into the online and mobile shopping experience, returning the power for making risk-based decisions to the merchant, and supporting easier implementation methods and flexible authentication through integration with digital wallets, one-time passcodes, and biometrics. E-commerce merchants and payment platforms should check with their processor for new authentication features to improve their customers’ 3DS experience, and also confirm availability of plugins and SDKs that prevent their applications and servers from being exposed to 3DS Data and thus being subject to assessment under the new 3DS security standards.

Kevin Crockett (KC): It comes down to understanding the particular purchase flow you have set up for your customers – the majority of the screening and authentication can take place behind the scenes, so the customer journey in large is not impacted. However, based on the type of transactions – digital gift card purchases, higher risk items, etc. – a merchant may be willing to accept higher degrees of “friction” and in some cases even request it. Your 3DS service provider should be able to help you design a tailored authentication strategy that fits the needs of your business and complements other solutions you have in your fraud toolkit.

Steve Klebe (SK): The key is doing the vast majority of the screening behind the scenes especially in the US market and only stepping up to involve the prospective customer if there are clear signals of higher than normal risk.  Of course, there are a lot of considerations around value of the product or service being purchased, the merchant’s current standing with regard to chargeback rates, etc.

TT: Why do US-based companies need to care about 3DS and SCA?  

KC: 3DS has evolved, even in the current 1.0 version of the protocol. The majority of US-based issuers run risk-based authentication so that no (or very low levels of) step-up challenges occur. With EMV 3DS, merchants have even more capabilities around controlling the customer experience and higher degrees of frictionless authentications can occur across all channels because 2FA is not mandated in the US market. The increased amount of data that is exchanged in an EMV 3DS transaction helps all parties reduce fraud, while limiting false declines – thus increasing authorization conversion rates. Merchants will see reduced fraud rates and have liability protection on orders that do turn into fraud. Merchants will see increased authorization approval rates as the issuers’ confidence in their authentication solutions and correlating models continues to grow with the increased data set. Issuers will provide a better user experience for their cardholders – meaning, they are able to accept more transactions in a secure manner. Issuers have a vested interest in maintaining top of wallet and limiting false declines/cardholder insults as much as possible.

SK: Many US based companies operate globally and therefore related to SCA which then by extension involves 3DS, being in compliance will be mandatory.  Even before SCA, 3DS had gained fairly widespread adoption throughout the EU to the point where if a consumer came to a site that did not have it they might be suspicious and choose not to transact.

TT: How do you see eCommerce standards evolving?

SP: As card present EMV chip technology has increased in maturity and market adoption, card-not-present fraud has become the primary battleground for fraud (Verizon, 2019; Trustwave, 2019).  Standards for e-commerce can no longer focus merely on prevention of data theft, but must also provide easy-to-integrate tools for merchants to reduce fraud from previously exposed cards.  I anticipate that cardholder verification technologies such as 3DS 2.1 will pave the way for standardized transaction flows from platform providers that support local and online digital wallets.  As consumers become more familiar with these technologies, native support for consumer authentication in mobile and desktop browsers will further improve the customer checkout experience.

KC: I think we will see more countries adopt similar regulations to those we see in India and the EEA. As digital commerce continues to grow, especially on mobile and IoT devices – there will be a growing need to secure those transactions and combat fraud on those channels. It’s going to be interesting to see how the market adapts, both from a technology and adoption standpoint.

SK: They are likely to continue to be fragmented due to the significant disparity around regulatory involvement within any one country and as the political tides ebb and flow.
