3DS v2 puts the customer first with secure and frictionless payment processing.
In part this has been driven by the International Card Organizations (ICO) which wanted to ensure the same security measures were applied no matter if a transaction was made at a bricks and mortar store or through an online merchant.
However, in our experience, security has rarely been viewed from a customer-centric perspective. Generally, the more emphasis that is put on the security, the poorer user experience becomes. 3-D Secure V2 is changing this by facilitating secure and frictionless payment processing, putting the customer first.
Better security for all actors
3DS v2 essentially forces merchants to request strong customer authentication and ensures issuers provide it with the ability to apply various exemptions which is especially important under PSD2 SCA regulations. This brings benefits to all the actors of the payment process. Issuers receive assurances that the real cardholder has made the purchase, merchants can minimize fraudulent activity and banks meet regulatory requirements.
Security-based user experience
Today, we believe it makes complete sense for banks to implement 3DS v2. Beyond meeting regulations, transactions are faster, with fewer steps in the purchase process for consumers, while security is strengthened.
With 3DS v2 you can utilize which ever authentication method you wish. The only condition here is that it should ensure the strong customer authentication requirements. It does not matter if it’s a one-time code with some adoptions, biometric authentication or something else. The customer will accept it if it’s convenient and easy.
For yet further user-centric security, the latest version of 3DS v2 enhances the opportunity to provide less friction during authentication by adding support of transactions risk scoring, merchant whitelisting and delegated authentication capability. Our experience shows that issuers and acquirers are not yet ready to support these features. They see the implementation of 3DS v2 more as a mandatory thing pushed by international card organizations and PSD2 SCA requirements in Europe rather than possibility to enhance user experience for card not present transactions. But this will change going forward. We estimate around 2/3 of our customers are thinking how to enhance the user experience after 3DS v2 implementation and take advantage of all the opportunities it offers. It definitely should be on the agenda for all the participants for 2021.
Authentication and risk appetite
The way we see it, such functionality should be viewed in combination with card schemes chargeback rules. The risk appetite of a bank or issuer will also have an impact on this, i.e. how much risk is an issuer willing to take to ensure a frictionless customer journey, and in that sense not require the cardholder to provide additional authentication.
At the end of the day – it’s about the customer experience vs the level of security and convenience vs inconvenience for consumers.