Industry Insight: Security and the future of 3DSecure

Industry Insight UK

Security: the future of 3DS

There’s been a lot written about Chip Cards finally arriving in the US.  Industry commentators estimate that Chip Cards will reduce credit card fraud by 40%. 
 
As always with powerful initiatives such as this – the down side is that merchants who do not adopt these new machines & facilities will have the liability of any fraud on their merchant account thrown back at them. So the shift in liability is arguably a bigger deal particularly to more vulnerable merchants or those who thought do nothing was an option.
 
In this Industry Insight eNewsletter JetPay Solutions explains how we in the UK need to make ready for the paradigm shift as the payment fraudsters prevalent in the card-not-present and mail order space may abandon the once easier US targets and refocus back on the UK and Europe.
The UK Cards Association reports that in 2014 there was 331.5m GBP* of ‘UK issued cards’ card fraud of which 217.4m was estimated as being directly attributable to eCommerce. That’s a 10% increase on the previous year’s total with eCommerce up by 14%.

Trent Voigt, CEO & Founder of JetPay Solutions believes we in the industry will see a revitalised 3DSecure approach – a version 2.0 as it were – much stronger, more robust approach to fraud focusing on card users buying patterns and behaviour. Trent adds:

” The original concept of 3DSecure – which stands for 3 Domain Security – is made up of the company the purchase is made from (the Merchant) , the Issuing Bank (Bank on the Card) and Visa/Mastercard. Visa’s own version is Verified by Visa and MasterCard’s equivalent is branded MasterCard SecureCode.

The big deal with 3DS is the liability shift from merchant to the Card Issuer. If the transaction is successfully verified or the merchant attempts to verify and Card Issuer is unable to do so, then protection by the card issuers against fraud and chargebacks is assumed. Merchant subscribers to the 3DS scheme may even find their transaction charges decreasing as a result since many interchange rates decrease with 3DS in place on the transaction. All sounds great but is it enough. We at JetPay Solutions think not. The second iteration is definitely moving in the right direction though.”

Trent Voigt, CEO & Founder of JetPay Solutions believes we in the industry will see a revitalised 3DSecure approach – a version 2.0 as it were – much stronger, more robust approach to fraud focusing on card users buying patterns and behaviour.Trent adds:

The original concept of 3DSecure – which stands for 3 Domain Security – is made up of the company the purchase is made from (the Merchant) , the Issuing Bank (Bank on the Card) and Visa/Mastercard. Visas own version is Verified by Visa and MasterCard has its branded MasterCard SecureCode.

The big deal with 3DS is the liability shift from merchant to the Card Issuer. If the transaction is successfully verified or the merchant attempts to verify and Card Issuer is unable to do so, then protection by the card issuers against fraud and chargebacks is assumed. Merchant subscribers to the 3DS scheme may even find their transaction charges decreasing as a result since many interchange rates decrease with 3DS in place on the transaction. All sounds great but is it enough. We at JetPay Solutions think not. The second iteration is definitely moving in the right direction though.

Watch CEO Trent Voigt explain and discuss fraud, security, 3DSecure and many other aspects of fraud prevention in card processing here…

Watch CEO Trent Voigt explain and discuss fraud, security, 3DSecure and many other aspects of fraud prevention in card processing.

Click here: Video 2
Trent covers the the significance of Card Not Present transactions (CNP) as well as JetPay’s experiences of combatting fraud. This leads to the adoption of Chip & Pin in Europe vs Chip and Signature in the US. He wraps up this section by relating his views of both JetPay’s security products and those of competitors – and talks at length about 3DSecure, Verified by Visa and the liabilities of the card issuer. This is just one of four keynote videos.

In a 3DS version 2.0 environment the card holders shopping patterns are being watched and scrutinised.

Lets say youre a regular shopper online at a big vendor. Maybe you purchase from them twice a week; maybe they have a high street store too – and you do the family shop there as well. All that activity builds a profile – the patterns, the amounts, the products, time of day etc. so when a purchase is made at this regular vendor it is unlikely that any request for addition security information will be requested, yet the merchant still maintains the liability shift. This lowers the chance of cart abandonment and makes the customers shopping experience quicker and more enjoyable. However if a purchase is being made at an unfamiliar store outside of the card holders profile, particularly a big purchase, a 3DS box suddenly appears to query additional information to verify the card holder and prevent any fraud from occurring.

Fraud is prevented. All this in real time.

So implementing 3DS version 2.0 allows you to have less card holder interaction especially for your regular customers, which lowers the chance at cart abandonment yet still getting the liability shift in the case of fraud, all the while getting a lower cost for the transaction. A better solution all the way around.

Strangely though – very few companies have implemented the better version. If youd like to find out more talk to us about card security issues – click here or email us.

By | 2017-01-25T11:17:55+00:00 October 27th, 2015|Industry Insights|Comments Off on Industry Insight: Security and the future of 3DSecure

About the Author: