As has historically been the case with commerce security upgrades that roll in by government mandate, the path to European Union adoption of 3D Secure 2.0 (also known as â3DS 2.0â or âEMV 3DSâ) has been a rocky road. Itâs been replete with stumbles and delays getting the new technology paradigm off the ground â most notably in the middle of the coronavirus pandemic, a global event that put the brakes on projects large and small worldwide.
But for all of the headwinds that COVID-19 has thrown at the project, the outbreak and the flood of digital commerce the pandemic spawned also created a massive tailwind for 3DS 2.0. After all, a flood of fraudsters looking to intercept all that newly-created digital commerce is creating demand for better security, PAAY Chief Financial Officer Brian McCutcheon told PYMNTS in a recent interview.
âThe EMV 3DS is uniquely qualified to help merchants keep their chargeback rates down,â McCutcheon said. â[That] keeps them from getting in trouble with the card brands, and obviously avoids the significant costs that come along with fighting, investigating and resolving chargebacks. At the end of the day, itâs kind of a low-priced piece of technology to fight what can be a very expensive issue for merchants.â
But first, 3DS 2.0 needs to make it over the bumpy road to adoption. Thatâs a path that McCutcheon said will have challenges, but perhaps fewer than weâve seen in the recent history of security upgrades.
Why 3DS 2.0 Is (And Isnât) Like Putting EMV Into PlaceÂ
3DS 2.0âs struggles toward universal adoption in the European Union is reminiscent of EMV chip cardsâ rise â a similar journey that aimed to solve a different fraud problem.
When the card networks first started mandating EMV, McCutcheon said, there was heavy resistance. That meant the rollout was rocky and filled with delays almost everywhere it went, especially in the United States.
âWhen it was finally mandated in the U.S., a lot of providers were caught short in their efforts to roll it out,â he said. âIn that way, I see it very similar to the 3DS mandate that is already in place for Europe.â
McCutcheon believes that like EMV, 3DS 2.0 will ultimately make it over the finish line because, bumps aside, itâs effective and reduces digital sales fraud.
Moreover, he noted that the 3DS 2.0 changeover should be easier to make because there isnât a heavy hardware investment baked in â unlike the switch to chip and PIN cards. Those involved new point of sale (POS) devices with chip readers that were an expense for merchants (often a major one). McCutcheon said the cost only added to merchantsâ initial resistance to adopting those systems.
âI donât think the second wave of EMV 3DS will be as bumpy, because it doesnât require the significant investment and the capital required to change out all the equipment,â McCutcheon said. â3DS is software. Itâs done away from the point of sale.â
And although only the EU will soon require 3DS 2.0, McCutcheon said PAAY is developing solutions for the wider world as well. He said thatâs because even beyond the EU requirement, 3DS is an increasingly necessary tool for merchants who are switching more and more to digital sales.
The Path ForwardÂ
McCutcheon noted that large, enterprise-sized firms have very advanced security procedures and whole IT teams dedicated to fighting digital fraudsters, while small- to medium-size businesses face growing fraud problems that they donât have the scale to take on alone. What 3DS 2.0 allows them to do is push off some of that liability to where it more properly belongs â the issuers. Issuers are more qualified to spot and repel scams given the fraud data they already have and the supplemental 3DS data theyâre getting in.
âThe issuing bank has much more viewpoint authority over the issued card and the cardholder,â McCutcheon said. âTheyâre in a better position to mitigate the fraud. The result of that can be that merchants get to sell their product, because the authorization rate stays up while shifting that liability to the issuing bank. So, they arenât always fearing that chargeback.â
And because the need for such protection exists and is growing, he strongly suspects that while 3DS 2.0 is getting its big start in the EU, itâs going to make its way across the pond in fairly short order just as EMV did. McCutcheon believes that smart U.S. players will start readying their operations today for a switch in liability thatâs almost certainly coming down the pike tomorrow.
âWhen it comes to data protection, security and payments technology, the trends seem to begin in Europe,â he said. â[But] in my humble opinion, the payment companies that succeed are the ones that see the needs and wants of the EU and have the foresight to build products that solve those same needs for the American market.â