3-D Secure (3DS) is an authentication standard that enables real-time cardholder authentication between merchants and issuers, providing an additional layer of security before authorization. With the arrival of the global pandemic, most businesses have been forced to implement an online solution, making it imperative for merchants to take measures that combat ecommerce fraud. 3DS is a tool that does just that, as it can help lower chargeback rates and help reduce the costs that come with fighting, investigating and resolving chargebacks. In 2019, the global average acceptance rate of 3DS transactions was 70%, and it has since risen to 87% in 2020 as 3DS 2.0 has started to gain adoption. Going forward, the goal of 3DS 2.0 is to get this acceptance rate as close to 100% as possible.
However, merchants have been reluctant in the past to implement 3DS because of the friction customers experienced at checkout. 3DS 1.0 has long been associated with a bad user experience because it typically involved a redirect to the issuer’s webpage to authenticate the cardholder. As a result, the customer was required to enter a static password they had registered in the past with their issuing bank. This presents two issues in the payment process. First, if the cardholder has not registered a password with their issuing bank, they may be instructed to do so during the checkout process. From a merchant perspective, this is an unnecessary and unwanted step. Secondly, many of us simply forget our passwords. Merchants then run the risk of their customers abandoning the transaction entirely because they could not remember their password.
3DS 2.0, on the other hand, is an updated and enhanced protocol that promotes increased data exchange between the merchant and the issuer. The merchant sends additional transaction and device data not available in the 3DS 1.0 protocol, allowing the issuer to enable risk-based authentication. The additional data also allows the issuer to determine whether there is a need for a challenge or whether further authentication is required. If no challenge is required, the issuer will authenticate the transaction in a frictionless manner. The importance of frictionless authentication cannot be overstated, as it improves the customer experience. If the transaction appears to be high-risk, the issuer will request step-up authentication, which happens for only a small portion of transactions, approximately 5 to 10%.
Another improvement in the authentication process with 3DS 2.0 is its smarter authentication methods. Options used with 3DS 2.0 include one-time passwords via SMS or email as well as biometrics, none of which the customer has to remember. This in turn reduces the probability of cart abandonment. It is also worth noting that cardholder registration is not required for a customer to participate in the 3DS 2.0 program. They are automatically enrolled by their issuing bank.
In summary, benefits of the 3DS 2.0 vs 3DS 1.0 program include:
It really is all about the data. The goal is to ensure a frictionless experience for your customers through seamless authentication. To accomplish this, merchants need to share more high-quality data, especially device data, with issuing banks so they can make an informed assessment of risk.
The Moneris 3DS 2.0 API supports the data elements below, and we encourage you to pass in as many as possible:
To pass the device data, you will need to implement a card lookup request. This request verifies the applicability of 3DS 2.0 on the card and returns the 3DS Method URL that is used for device fingerprinting. The 3DS Method URL and 3DS Method Data are returned to the merchant server on the card lookup response. The 3DS Method Data can be transmitted to the 3DS Method URL via a browser post in order to supplement the authentication request with device data pertaining to the cardholder’s browser. The 3DS Method Data must be sent via HTTP POST to the 3DS Method URL in a hidden iFrame. Data points such as device type, browser type, browser language and time zone are incredibly useful in fraud prevention, which is why we recommend you send the 3DS Method Data.
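The hidden-iframe POST described above, as an added example (not Moneris code): a server-side helper that renders the iframe and an auto-submitting form from the card lookup response. The form field name `threeDSMethodData` follows the EMV 3-D Secure specification; the function names, element ids, sample values, and the assumption that the Method Data is a base64/base64url string are this example's own.

```javascript
// Added example: render the hidden 3DS Method iframe on the merchant server.
// Inputs are the 3DS Method URL and 3DS Method Data from the card lookup response.

function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

function buildThreeDSMethodFrame(threeDSMethodUrl, threeDSMethodData) {
  // No Method URL in the lookup response: there is nothing to fingerprint,
  // so render nothing and continue to the authentication request.
  if (!threeDSMethodUrl) return null;

  let url;
  try {
    url = new URL(threeDSMethodUrl);
  } catch {
    throw new Error("3DS Method URL is not a valid absolute URL");
  }
  // Device data must not leave the browser over plaintext HTTP.
  if (url.protocol !== "https:") {
    throw new Error("3DS Method URL must use https");
  }

  // Assumption: Method Data is an opaque base64/base64url string. Rejecting
  // anything else keeps a tampered response from injecting markup.
  if (!/^[A-Za-z0-9+\/_=-]+$/.test(threeDSMethodData || "")) {
    throw new Error("3DS Method Data is missing or not base64/base64url");
  }

  const frame = "threeds-method-frame";
  return [
    `<iframe name="${frame}" style="display:none" width="0" height="0"></iframe>`,
    `<form id="threeds-method-form" method="POST" target="${frame}" action="${escapeHtml(url.href)}">`,
    `  <input type="hidden" name="threeDSMethodData" value="${escapeHtml(threeDSMethodData)}">`,
    `</form>`,
    `<script>document.getElementById("threeds-method-form").submit();</script>`,
  ].join("\n");
}

// Constructed sample values, not taken from a real lookup response.
const SAMPLE_METHOD_URL = "https://acs.example.test/method?a=1&b=2";
const SAMPLE_METHOD_DATA = "eyJjb25zdHJ1Y3RlZCI6InNhbXBsZSJ9";
const sampleMarkup = buildThreeDSMethodFrame(SAMPLE_METHOD_URL, SAMPLE_METHOD_DATA);
```

Because the form targets the named iframe, the POST happens without navigating the checkout page away.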
When the issuer authenticates a transaction, they send back an authentication value that the merchant must insert in the authorization request. This authentication value is proof that the transaction has been authenticated by the issuing bank. With 3DS 2.0, two new fields must be sent in the authorization request that were not mandatory with 3DS 1.0: the DS Protocol ID, which is the 3DS version number, and the 3DS Transaction ID that is returned in the authentication response.
Our hosted payment solution that allows merchants to process online payments on their website now supports 3DS 2.0. From a development perspective all that is required is an integration to our Moneris Checkout (MCO) solution and quick configuration in the Merchant Resource Center (MRC). A sales order is required to enable 3DS on your merchant account. 3DS integrates into MCO by routing transaction requests to the card brands for a 3DS authentication request. Only transactions that are authenticated will be sent for authorization. If the issuing bank is not authenticating the transaction, the transaction is not eligible for fraud-related chargeback protection and sending for authorization would not be a good idea. Merchants who were using 3DS 1.0 via MCO will automatically have their transactions sent to 3DS 2.0. Please note that there are new fields in the Moneris Checkout response for 3DS 2.0, which you may choose to consume. Moneris will also control this transition from 3DS 1.0 to 3DS 2.0 within MCO.
Moneris is committed to supporting the transition to 3DS 2.0, and this protocol is currently supported by both the Moneris Unified API and MCO. We strongly encourage you to upgrade to 3DS 2.0 based on the timelines provided by card brands below:
Global ecommerce is on the rise but so are false declines, lower authorization rates and digital fraud. Some staggering statistics to share with you in parting:
The 3DS 2.0 solution was designed to decrease fraud rates, increase authorization rates and streamline the customer experience. If any of these benefits sound appealing, then implementing 3DS 2.0 into your online store’s checkout is a no-brainer.
To order 3DS 2.0 please call our sales team at 1-888-782-3965.
If you’re just starting your 3DS 2.0 integration and need assistance, please contact our Client Integrations team at clientintegrations@moneris.com and a Client Consultant will be assigned to your integration project.