I’ve spent considerable time with merchants over recent months, hearing about their sentiment towards authentication, examining their 3D Secure (3DS) performance, and ultimately helping them refine their strategy to match their goals.
Here are some key takeaways from these sessions and the advice I would offer to any merchant rethinking their 3DS strategy.
What is your risk appetite and payment strategy?
There is no one-size-fits-all solution when using 3DS. An optimal strategy begins with clearly understanding your overall payment approach and assessing your risk tolerance. It’s all about balancing minimizing customer friction with effective fraud prevention.
Let’s explore how two different businesses approach 3DS:
Quarters Jewelry is a fictional online retailer offering affordable costume jewelry to teens and young adults. It primarily attracts customers through social media advertising and prioritizes a fast checkout process, as higher customer acquisition costs directly impact its profits. Since it deals with low-value payments and is willing to accept a degree of risk, its strategy should be to fulfill its regulatory requirements without adding pain points for buyers and making 3DS a drop-off point.
Off-White Furniture is a fictional high-end furniture brand that sells expensive items. Customers spend considerable time evaluating their purchases, making them less likely to abandon the checkout process due to added friction.
An optimal approach would be to apply 3DS to most (if not all) transactions to add that extra layer of security and benefit from the liability shift.
Many merchants either apply 3DS uniformly or reserve it for specific high-risk transactions. While these strategies may align with broader payment strategies, they often lack optimization and can adversely affect overall performance.
To maximize results, I recommend delving deeper and fine-tuning your strategy. In the next section, we’ll explore how leveraging exemptions can enhance this optimization.
Takeaway: There’s no universal approach to implementing 3DS; it requires a tailored strategy that considers your payment model and risk tolerance.
Can you use exemptions?
Exemptions allow merchants to bypass 3DS for certain transactions that typically require it. This approach gives merchants greater control over the payment process and enhances the customer experience.
Under the current Strong Customer Authentication (SCA) guidelines in Europe, merchants and issuers can leverage four key exemptions that allow customers to complete payments without facing a 3DS challenge (other markets that mandate 3DS also offer their own exemptions):
Key Points to Consider
- Issuing bank discretion: Issuing banks can refuse to grant an exemption.
- Liability shift: There is no liability shift if an exemption is granted.
Your decision to use exemptions should align with your overall payment strategy and risk tolerance.
For instance, Quarters Jewelry, in the example above, should use exemptions whenever possible in line with its strategy of creating a friction-free checkout experience.
Meanwhile, Off-White Furniture may choose not to utilize exemptions due to its lower risk tolerance. In fact, they may choose to go in the opposite direction and use a “mandate challenge flag” to explicitly request that the bank challenges the buyer.
However, Off-White Furniture could still apply low-value payment exemptions for minor purchases, like sofa cleaners, or utilize TRA exemptions to streamline transactions for trusted, returning customers.
Learn more about SCA exemptions.
Takeaway: Carefully evaluate your payment strategy and risk levels when considering exemptions for 3D Secure. Leveraging exemptions can enhance the customer experience while maintaining control over your payment flow.
Can you facilitate a frictionless flow?
A major advancement in 3DS protocols is enabling a ‘frictionless flow,’ allowing customer authentication without challenging the user.
While initiating a frictionless flow is at the card issuer's discretion and assessed on a per-transaction basis, providing more data in the transaction request increases the likelihood of approval.
In an authorization request, you can provide around 170 data points—including customer addresses, email addresses, and phone numbers. We advise you to share as many as possible.
Introducing a frictionless flow could be transformative for a company like Off-White Furniture. It would allow it to achieve all the benefits of 3DS while creating a more streamlined customer checkout experience.
Takeaway: Provide as much data as possible in the authorization request to give issuers more confidence to permit a frictionless flow.
How is 3DS performing at a market and BIN level?
The industry often discusses 3DS in broad strokes, but the reality is much more nuanced. Even in Europe, the deployment of 3DS varies significantly across countries and banks, leading to differing performance metrics at both the market and Bank Identification Number (BIN) levels.
For instance, according to Ravelin data, the 3DS challenge success rate in Belgium is 77%, whereas in the UK, it’s 94%. Therefore, analyzing 3DS performance at a country and issuer level is crucial for identifying areas for optimization.
Therefore, it pays to examine 3DS performance at a country and issuer level to understand it and pinpoint areas for optimization.
We’ve assisted various merchants in this regard, yielding impressive results. One merchant experienced a 7.5% uplift in authorization rates across its top 150 BINs by mandating a 3DS challenge, resulting in a six-figure increase in settled revenue over just a few months.
You can read more about it here.
Takeaway: Go granular with your 3DS strategy, especially in your key markets.
What 3DS metrics should you track?
Due to the lengthy nature of chargeback disputes—sometimes lasting up to 360 days—evaluating 3DS success may necessitate a review of historical data. By analyzing chargebacks from the past year, you can identify likely fraudulent cases and estimate the potential impact of a more robust 3DS strategy.
The key performance indicators I suggest you review are:
- Liability shift rates: Track how often liability shifts occur after implementing 3DS.
- Conversion rates: Monitor checkout conversion rates to identify any drop-offs.
- Authorization rates: Assess how many transactions are authorized following a liability shift.
- Drop-off rates vs. dispute rates: Balance checkout drop-offs against the costs of potential disputes. If drop-offs are acceptable in fraud prevention, this can indicate a successful strategy.
Like every aspect of payments, 3DS is dynamic. Ideally, review your strategy monthly; however, a quarterly or biannual review may be more practical for smaller teams.
Takeaway: Review your 3DS performance regularly and work with your payment partners to tweak and optimize your strategy.
Refine your authentication strategy
Building an effective 3DS strategy involves understanding your business needs, leveraging data, and refining your approach. By carefully considering the nuances of 3DS, you can enhance security while providing a seamless checkout experience, ultimately increasing customer satisfaction and loyalty.
To get it right, there are lots of important questions that need to be answered:
- Where do we see 3DS in our flow?
- What role do we want it to play?
- What tools can we use to execute our 3DS strategy?
- How does our performance differ from country to country and by issuing bank?
At Primer, we can help you refine your strategy based on that data, using all the tools, expertise, and insight you need to achieve your strategic goals.