3D-secure 2.0. Fraud prevention with a new approach
The development of e-commerce has opened access to new online payment methods. Buyers can pay with plastic cards, electronic checks, contactless transfers, and other ways that were not so common before. But since the buyer is not physically present at the place of purchase, such payment methods require additional protection measures.
Fraudsters, with the development of online business, are also inventing new methods for obtaining money from cardholders. Particularly widespread was fraud in conducting transactions without the presence of cards. Such operations are more challenging to verify, so security should be higher.
With the development of 3D-Secure 2.0 technology and its introduction into mass use, the responsibility for preventing fraud now falls on the payment service provider and not the merchant. All transactions are checked, along with customer identification, with the help of massive computing power, which allows you not to affect the throughput of payments.
How do card issuers implement a 3D-secure 2.0
American Express SafeKey 2.0 is a technology based on 3D-secure. It helps prevent fraud and ensure the smooth operation of online payments on any device. SafeKey reduces the potential fraud level due to a more detailed exchange of information between the merchant and bank-emitter.
Among the additional functions are:
- Ability to request authentification (for MO/TO transactions).
- Availability of tokenization to increase transaction security.
- Integration options for checkouts.
- Purchases via smartphones, etc.
ProtectBuy by Discover
Discover uses 3D-secure 2.0 as well to protect all parties. Customers receive a one-time password in case their transactions are considered high-risk.
MasterCard Secure Code
Mastercard SecureCode technology is an additional security layer for making online purchases through the use of one-time digit codes. The code is valid for only one purchase.
Today, over 350,000 online stores worldwide support Mastercard SecureCode technology. To make sure that the store you have chosen is among them, look for the SecureCode logo on the merchant’s website.
Verified by Visa
Verified by Visa provides an additional level of security for e-commerce transactions before authorization. This protocol allows data exchange between the seller, the card issuer and, if necessary, the consumer, to confirm that the original account holder initiated the transaction.
The technology helps to improve customer service and increase sales volume.
How does 3D-secure 2.0 work?
3D Secure 2.0 interacts directly with the merchant and the payment provider. To verify the cardholder, data transfer is provided due, for example, to the customer’s purchase history, which helps to identify the cardholder. The more data the participants receive, the easier the identification process is, and the less likely it is to engage in fraud.
Such data checks do not affect cardholders and clients do not have to worry about anything. There is also no redirection from the client and no requirements for additional information.
Verification takes several minutes and is not challenging for a client. Usually, only a tiny fraction of operations are identified as high-risk.
What is risk-based authentification?
Most importantly, 3DS 2.0 significantly improves customer service by introducing Frictionless Flow, through the Risk-Based Authentication.
Risk-based authentification (RBA) is a form of detailed verification that assesses the potential risks of any login attempt in real-time. A specific set of rules determines the verification process.
RBA can be static or adaptive.
When implementing RBA, in most cases, an authentication protocol is used based on a question-answer, when, at the request of one of the parties, the other participant is obliged to provide an answer. It usually happens after the usual username and password.
Advantages of RBA
Any modern system should have more than one data verification method. Based on this, the introduction of a reliable authentication method always increases the reliability of the system.
Risk-based authentication uses data obtained through customer identity and access management and is fully automated. Such a system, having an additional form of authentication, saves both time and money, providing customers with an extra layer of protection.
In case of any discrepancy in the data provided, customers will be immediately notified. For example, often, scammers try to access an account from another country or using an encrypted IP. Naturally, it is possible to customize which actions are considered acceptable. It helps merchants protect their business from hacking attempts.
The bottom line
Network security and protecting your accounts from hacking is an essential part of the work of payment institutions. But you shouldn’t rely solely on third parties. Each merchant should also be aware of how to protect their customers from scammers. Today, customers are becoming more aware of security issues. Besides, they want to know how the transaction goes and what security measures the merchant takes. But even the most innovative technology has weaknesses that can be used to steal personal funds. Therefore, every transaction participant must consciously approach the security of online payments.