Are you maximising 3DSecure for better acceptance rates?
Do you have an ecommerce site? If so, do you know that you need a 3DSecure (3DS) solution to help prepare for Strong Customer Authentication (SCA)? Our Senior Strategy Manager, Jasmine Wu, explains that the version of 3DS you choose could make a real difference to your online conversion rate. Read on, or request a call back to find out more.
All three versions of 3DSecure (3DS) are capable of supporting simple online authentication. However, EMV 3DS (or 3DS2) have a clear advantage, but only if you’re sending data correctly. In light of the schemes’ announcement of sunsetting 3DS version 1, it is even more important to get EMV 3DS working well as soon as possible.
EMV 3DS (or 3DS2) is designed to overcome the poor user experience of 3DSecure (3DS) version 1, but the most important advantage lies with data enhancement. It has more than 10x the data capability of the legacy version. However, more new data can also mean transactions are more likely to be mistaken for fraud if they’re not incorporated correctly. To realise the potential 3DS2 can bring, here’s a short guide.
Most merchants know they need to have mandatory data fields, but many are unsure if they should invest in harvesting more optional data. And if they do invest, which optional data is actually useful in reducing issuer step ups? We are here to help pick out the important ones and make the decision easier.
Aside from the mandatory data points set out in EMVCo specification, there are far more conditional and optional data fields, which are valuable for issuers to better assess fraud risks. However, as they’re optional, most were not required to pass standardised certifications. As a result, many merchants send inconsistent data formats, which leads to unnecessary declines.
According to UK Finance, there are a few key industry-recognised non-mandatory data fields that will be most beneficial to merchants. If done correctly, they can reduce the likelihood of challenge, because low risk transactions can be exempt, by issuers, within their TRA exemption limits.
Key recommended or optional data fields according to UK Finance Taskforce finding1
- The 3DS Method URL: this helps recognition of the browser and device and is not being used by merchants – around 30% of transactions sampled didn’t have this data
- Three key fields: as detailed in this table, are either missing, incomplete or inaccurate
- Remaining fields: other optional but useful data fields can also improve the challenge rates
Capturing data effectively
Make sure you test your 3DS solution via scheme testing, and don’t underestimate the time needed to do this. Both Visa and Mastercard provide testing support, with useful scenarios mapped out so that you can stress test your system.
You may also want to partner with an acquirer like Barclaycard, to allow access to data analytics and industry intelligence. This can help you optimise the full mix of SCA solutions beyond 3DS.
Using Barclaycard’s unique position
As you think about your data capabilities, we would encourage you to go beyond the mandatory minimum, and think about which data fields are worth investing in. 3DS2 is not designed to cause more declines than 3DS1 but this could happen if it’s not used correctly. There are some steps to follow to reduce declines and realise the benefits of 3DS2.
At Barclaycard, we’ve developed Barclaycard Transact, which uses data intelligence to optimise the reliance on 3DSecure and ultimately boost revenue. While it will continue to take time and effort to get your 3DS2 solution working smoothly, this provides a simpler, safe and most likely frictionless payment journey. While it is not designed to replace 3DS, it allows you to use 3DS only when you need to.
Key terms glossary
3DS Method URL: for a technical audience, key recommended data field
PSD2: Revised Payment Service Directive - legislation introduced by the EU and adopted by the UK
3DSecure (3DS): Security protocol for card payments through the three domains: acquirer-scheme-issuer
EMV: stands for Europay, Mastercard and Visa; the entity that developed 3DS2 as a cross-scheme standardised security protocol for card payments
1 Strong Customer Authentication: Communication on improving outcomes from 3DSecure – Data Consistency, 2 July 2020,https://www.ukfinance.org.uk/system/files/Strong%20Customer%20Authentication%20-%20Communication%20on%20improving%20outcomes%20from%203DSecure%20%E2%80%93%20Data%20Consistency_1.pdf