Card programs can increase purchase authorization rates without taking on undue fraud-liability risk with 3-D Secure (3DS). Here's what it is and how card issuers can leverage it.
Credit cards and card networks were first designed for a card-present environment. However, as e-commerce and card-not-present transactions grew, addressing fraud quickly became complicated.
How could issuers and merchants address fraud when there wasn’t a card to examine, a person to match to a name, or a clear merchant location to link to? More data was the answer, but delivering it efficiently without cardholder friction was challenging.
Enter 3DS. As more US merchants incorporate 3DS in their checkout flows, let's look at what this is and how it impacts card programs.
What is 3DS?
3DS is an authentication process that merchants can use to verify that a cardholder is who they say they are prior to sending a purchase authorization. 3DS adds an additional layer of security for e-commerce transactions, and when a merchant receives a 3DS authentication from the issuer, they can generally shift liability for fraud to the issuer under network rules. For this reason, issuers need to pay close attention to their 3DS decisioning and rules engine.
The “3D” in 3DS refers to three domains: the acquirer domain, the issuer domain, and the interoperability domain between them.
During the 3DS authentication loop, dozens of data points related to the cardholder, their device, and the purchase transaction are sent to the issuer. The issuer can leverage a rules engine to decide whether or not to authenticate the transaction.
Issuers can immediately authenticate lower-risk transactions, moving them to the purchase-authorization phase. And they can route high-risk transactions to additional identity-verification challenges, such as two-factor authentication (2FA).
In the US, the merchant decides whether or not to use 3DS. In the European Union, banks and other payment service providers must use 3DS to meet Strong Customer Authentication (SCA) requirements under PSD2. The latest version of the 3DS protocol, 3DS 2.0, contains far more data fields than the earlier one.
3DS in action - A case study
Let's look at the case of a Lithic customer, a well-known neobank, that adopted 3DS decisioning in late 2023. Our customer manages large volumes of card transactions across geographies in varied card-not-present contexts.
When setting them up with 3DS, Lithic backtested one month’s worth of our customer’s transactions to see how effectively our 3DS offering could fight fraud.
First, we compared the list of fraudulent transactions, as reported by the neobank, to the list of transactions with merchant-provided 3DS authentication data to identify the shortlist of ‘addressable’ transactions.
Next, we applied Lithic’s 3DS decisioning engine against these transactions and observed that Lithic would have instantly declined authentication on at least 35% of these transactions.
Since these transactions were 3DS authenticated in reality, the neobank had effectively no chargeback rights. Using Lithic’s 3DS decisioning would therefore have resulted in a near-instantaneous 35% reduction in the neobank’s fraud losses.
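The sketch below is an added example, not Lithic's code or rules. It combines the issuer-side routing described earlier (authenticate, challenge, or decline) with the backtest steps of this case study. The field names, weights, thresholds and sample records are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AuthRequest:
    """Hypothetical subset of the data an issuer receives in a 3DS authentication."""
    txn_id: str
    amount_cents: int
    device_seen_before: bool
    ip_country: str
    billing_country: str
    account_age_days: int

def decide(req: AuthRequest) -> str:
    """Hypothetical issuer rules: return 'approve', 'challenge' or 'decline'."""
    score = 0
    if not req.device_seen_before:
        score += 2
    if req.ip_country != req.billing_country:
        score += 2
    if req.account_age_days < 7:
        score += 1
    if req.amount_cents >= 50_000:
        score += 1
    if score >= 5:
        return "decline"    # authentication is declined outright
    if score >= 2:
        return "challenge"  # step up to an extra check such as 2FA
    return "approve"        # low risk: authenticate without friction

def backtest(auth_requests, reported_fraud_ids):
    """Return (share of addressable fraud declined, outcome per addressable txn)."""
    # Addressable = reported as fraud AND 3DS authentication data exists for it.
    addressable = [r for r in auth_requests if r.txn_id in reported_fraud_ids]
    if not addressable:
        return 0.0, {}
    outcomes = {r.txn_id: decide(r) for r in addressable}
    declined = sum(1 for o in outcomes.values() if o == "decline")
    return declined / len(addressable), outcomes

# Constructed history of transactions that carried 3DS data.
HISTORY = [
    AuthRequest("t1", 120_000, False, "GB", "US", 2),
    AuthRequest("t2", 4_500, True, "US", "US", 400),
    AuthRequest("t3", 9_900, False, "US", "US", 90),
    AuthRequest("t4", 75_000, False, "CA", "US", 30),
    AuthRequest("t5", 2_000, True, "US", "US", 800),
    AuthRequest("t6", 30_000, True, "CA", "US", 3),
]
# Constructed fraud reports; "t9" has no 3DS data, so it is not addressable.
REPORTED_FRAUD = {"t1", "t3", "t4", "t6", "t9"}

if __name__ == "__main__":
    rate, outcomes = backtest(HISTORY, REPORTED_FRAUD)
    print(f"declined {rate:.0%} of addressable fraud: {outcomes}")
```

Transactions that land in "challenge" are not counted as prevented here, because the outcome of a challenge is unknown in a backtest; this makes the reported share a lower bound.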
Lithic also helps issuers apply their proprietary real-time 3DS authentication rules through a feature called Customer Decisioning. With this feature, issuers can leverage proprietary signals to develop authentication rules that further reduce fraud rates.
Lithic’s implementation gives card programs access to 30+ high-signal data fields about a transaction and the person initiating it. Effectively, 3DS provides contextual data that are analogous to those provided in an in-person transaction.
Issuers can also eliminate data silos and link 3DS authentication data to subsequent purchase authorization messages. Once the cardholder is authenticated through 3DS, this data joins two new elements from the decisioning process.
These are the authentication approval (“authentication value”) and a signal flagging the issuer’s acceptance of liability.
These are carried over to the authorization phase, enabling issuers to use rich 3DS data in their fraud engine to safely authorize or decline card transactions.
Improving security and the cardholder experience
Intelligent 3DS transaction routing is the key to delivering a safe and high-quality cardholder experience. 3DS can successfully authenticate the cardholder and give the issuer a high degree of confidence that the transaction is safe to approve. It creates visibility and business insights, and most importantly, it creates happier cardholders. If you’d like to learn more, download Lithic’s free guide outlining the most critical components of 3DS.