The conventional misconception surrounding 3DS — short for three-domain secure — the security protocol that debuted more than 20 years ago, is that it’s a “conversion killer” for online merchants.
In an interview with PYMNTS, Jeff Hallenbeck, head of financial partnerships at Forter, said the latest version of 3DS — 3D Secure 2.0 — is undeserving of the moniker and, when used intelligently as part of a merchant’s eCommerce strategy, can boost revenue and customer satisfaction.
The authentication protocol 3DS 2.0 has been mandated across various parts of the globe, most notably being required as part of the PSD2 legislation that governs transactions in the European Union. Countries in Asia and Africa have required 3DS implementation too. But merchant reception has been tepid in the United States, where adoption is not mandatory.
“The stigma in the industry right now,” Hallenbeck told PYMNTS, “comes from the failures of 3DS 1.0.” He said the first version of the authentication protocol — which came at the end of the last millennium as eCommerce was taking off — did not deliver a frictionless experience, and customer abandonment was high.
However, much has changed in the 20 ensuing years. The second version of 3DS fosters collaboration and data sharing between merchants and issuers, as they both seek to increase trust around digital commerce.
“The amount of data that’s going through the network pipes now is a huge win,” he said, “and we’re seeing that negative stigma change in the market.” Payments and risk professionals are starting to view 3DS as an integral part of their tech stack and something that can help their business grow efficiently, especially during tough economic times.
But realizing the benefits of 3DS, he said, means applying the strong customer authentication protocol strategically to optimize payments and risk flows.
That means avoiding a “blanket approach,” said Hallenbeck, who likened 3DS to a self-driving car. When used correctly, an autonomous vehicle can make life safer for those on the road. But complacency on the part of inattentive drivers can have significant and negative consequences. The same can be said for 3DS, where a “blanket approach” — when merchants apply it to all transactions, as an example — has significant drawbacks, namely less revenue and lower bank approval rates.
Hallenbeck said that, for merchants to see the true value of 3DS and for the industry to finally slash its “conversion killer” label, merchants must have a robust strategy in place to understand when to apply 3DS intelligently and how banks react when liability is shafted onto them.
“3DS2 builds a second level of trust on risky transactions,” said Hallenbeck, who added that on borderline transactions, “as a merchant, 3DS gives you a ‘pipe’ to the bank to ask them ‘What do you think?’”
The enhanced data sharing — IP addresses, email addresses, device IDs — can ensure all stakeholders are comfortable with the transaction. If they work in concert, he said, merchants and banks can use 3DS to their advantage even in markets like the U.S. that don’t mandate the protocol.
Looking ahead, he said all parties in the payments ecosystem are starting to realize the benefits of leveraging 3DS in a smart way.
“If you’re a regulator, you want to push for it to increase consumer safety. If you’re a merchant, you want to apply it intelligently to help grow your business. If you’re a bank, you want to improve it to ensure your good cardholders can shop safely and seamlessly in a digital-first world.” 3DS is a tool that can help everyone in the payments ecosystem grow revenue in a safe and secure manner, but it has to be enabled in a smart, strategic way.