Jeff Hallenbeck, head of payments at Forter, noted in a recent conversation with PYMNTS that the authentication method known as three-domain secure (3DS) has had an uneven embrace by merchants across the globe.
But it should be more widely used by companies looking to battle fraudsters — particularly by U.S. merchants looking to expand beyond their domestic markets.
“3DS,” he said, “is viewed differently in the United States.”
Part of the issue is the fact that the U.S. and other markets differ sharply in how 3DS is being implemented. In Europe and India, for example, which are regulated markets, 3DS is mandatory. The U.S. has made 3DS optional. In Europe, merchants have leaned into using 3DS — because they’ve had to.
In the U.S., the adoption curve has not been what it otherwise might be. “The fact that it’s optional has allowed many merchants to avoid it altogether,” he said.
There are also several misconceptions out there about 3DS, said Hallenbeck, which can be traced back to the frictions that were apparent when 3DS first came to market two decades ago.
“We know,” he said, “that the checkout conversion rate is the number one KPI [key performance indicator] that payments teams are thinking about these days … and the potential of friction spooks a lot of people.” There are also misconceptions about risk and where liability shifts may lie. The misconceptions, he said, are that banks, which now bear liability on transactions, are going to hurt merchants’ authorization rates. But that is not the case, Hallenbeck said.
He said 3DS can in fact increase risk tolerance on transactions — because now there is an additional tool in the toolkit to gain more confidence. And 3DS demands additional data points, he said, adding that Europe’s example, with vastly improved fraud rates, is evidence of the value enhanced data gives banks as they examine transactions.
Hallenbeck said 3DS can actually increase authorization rates. He noted that both Visa and Mastercard have products in the 3DS space so that data is shared — providing context to transactions so that decision making is improved, in real time.
As for the merchants looking to expand into new regions and new markets, Hallenbeck said, 3DS is a “must. If you’re going to Europe you have to have it and if you are going to India you have to have it.” Even in smaller markets, he said, issuers have taken on the strategy of soft declines, which then demand a higher level of authentication (and thus, 3DS is a critical component).
“If you don’t have 3DS or a smart authentication strategy in place,” he said, “you cannot do business with that bank’s cardholders.” Without 3DS in the tech stack, he warned, “you’re going to have a hard stop in a lot of these markets.”
In markets that are already regulated, he said, there’s the added benefit of exemptions, tied to low dollar amounts or other parameters, which means that merchants can “work their way out” of authentication.
Read more: Fraud Prevention Programs Support Revenue Growth Strategies, Says Forter’s Head of Risk
In the months and years ahead, Hallenbeck said, merchants will need to consider the fact that 3DS will likely be part of the commerce landscape — and that they also need to have a strategy in place in the event that authentication or authorization fails. These merchants need to understand what their providers (Forter included) do in the background when a consumer does not pass a challenge on the site. Are they to be exempted, or prompted to authenticate again? A clear strategy, he said, can keep top-line momentum in place.
And 3DS has the advantage of helping merchants embrace an ever-broadening roster of payment methods and local payments choices that can, if offered, seal the deal and close the sale in a given market.
As Hallenbeck told PYMNTS, “regardless of where they are expanding, 3DS needs to be part of every payment and fraud tech stack. It’s an important tool.”