In a world where eCommerce is king, routing traffic is a critical move.
Merchants need to ensure a seamless experience that could otherwise deter customers from coming back. Moreover, payments optimization plays a crucial role in maintaining frictionless eCommerce transactions.
PYMNTS hosted a wide-ranging discussion on 3DS 2.0, the security protocol for online payments, to shed some light on the growing complexity of eCommerce transactions. The conversation honed in on the challenges and opportunities confronting issuers, merchants and providers.
Panelists included Forter Head of Financial Partnerships Jeff Hallenbeck, M&T Bank Senior Vice President of Enterprise Fraud Policy and Governance Aaron Steinitz, Spreedly Senior Director of Product and Market Strategy Andy McHale, and Hopper Head of Product, Payments and Fraud Anirudh Narla.
After weighing in, the experts agreed that, when approached intelligently and with consistent collaboration on data, 3DS can be a business enabler for merchants in the U.S. But what’s preventing wider adoption?
3DS is not mandated in the United States, as it is elsewhere in the world. The three Ds in the acronym refer to the three domains involved in authorizing a transaction: the acquirer domain, the issuer domain, and the interoperability domain. Generally, the protocol will redirect consumers to complete additional verification with the issuer if there’s suspicious behavior in the mix.
But as Steinitz said, “I see more activity come through that channel as fraud.”
From an issuer perspective, he said, that perception is partly due to the application of the 3DS liability shift. When a consumer contests a transaction, stating they did not authorize the purchase or their details were compromised, liability for the fraudulent chargeback shifts from merchant to issuer.
“No one’s winning from this, which is preventing 3DS from being widely adopted,” Steinitz said.
Spreedly’s McHale said there is a “fear of friction in the eCommerce flow,” as there is a worry that 3DS will reduce conversion rates by overcomplicating the checkout process. But he said 3DS also supports “non-challenge flows” that are tied to data-only exchanges.
This fear of friction is understandable. The original version, 3DS1, debuted at the end of the last millennium and was plagued by technical issues and a less-than-user-friendly experience, which in turn spurred cart abandonment as customers were not used to having several challenges sent their way across multiple devices whenever they were trying to transact.
Narla contended that it took half a decade to reach what felt like a “steady state” in Europe for 3DS1, even with the mandate — at least regarding firms’ tech stacks. And with the newest form of the protocol, merchants in the U.S. worry that the past will be prologue (because not every merchant is in the same place when it comes to their own, in-place technology).
There’s also a general lack of awareness around the non-challenge flows with 3DS, said panelists, and so merchants are using it only with riskier transactions. From the merchant’s perspective, there’s hesitation to send good traffic to 3DS and risk cart abandonment.
With the rocky experience of 3DS1 and with caution about the newest iteration, merchants “want to be strategic in terms of where we want to deploy 3DS, and I think that’s where the challenge comes in,” Narla said.
Many U.S. merchants have found success with 3DS2, such as Hopper, which only sends its risky transactions through the 3DS rail. This means that trustworthy customers have a seamless and speedy buying experience, while riskier identities go through an added layer of verification through 3DS.
However, applying 3DS intelligently in this way means that there needs to be a constant flow of analytics and data science to determine which transactions are risky and which are from trusted customers. Failure to make this distinction could lead to lower conversion rates and revenues.
With a nod toward data, Steinitz said, “I’d like to use 3DS more regularly because the more signals, the better. Trying to make a decision is always difficult. Adding 130, 140 signals to that, and device analytics is great. I should be able to target fraudulent activity more effectively.”
At the moment, though, because of social engineering and the continued reliance on one-time passwords (OTP), issuers have several rule sets in the mix, passing transactions through several levels of analysis and decisioning that bring friction to the customer.
“How do I blend those into a seamless singular decision point where I can take device analytics, customer behavior, and I can take the things I know about that customer’s digital profile from our web banking platforms and use that holistically?” Steinitz said.
Data — and specifically data-only analysis — can boost authorization rates and reduce chargeback rates, Narla added. Having more data on hand also allows merchants, in the event a transaction is declined, to give an individual the option to choose another payment method and complete the transaction.
Forter’s model, according to Hallenbeck, is to tell merchants which path is “best” for a transaction, along with risk analysis, leveraging machine learning and artificial intelligence to move beyond static, heuristic models. According to McHale, Spreedly enlists Forter’s payment optimization solution to help merchants route transactions to the optimal gateway or payments service to ensure less friction and higher authorization rates.
Looking ahead, said panelists, 3DS-focused regulation may come to the U.S., but it won’t be imminent. We’re more likely headed toward a future of collaboration between issuers, merchants and providers to create a seamless customer experience.
“The world of connected data is coming,” said Steinitz, “and everyone needs to get on board.”