3D Secure: A data-open approach for a brighter banking future

The pandemic fast-forwarded online consumer behavior. In fact, the number of consumers performing more than half of their shopping online increased from 31% to 57% from pre- to post-pandemic.

Merchants kept step with their consumers and innovated to meet them where they were — in their homes, offices, or living room armchairs. But, as is often the case, with new trends come new opportunities for fraudsters to exploit the system. And so, in 2021, card-not-present (CNP) fraud constituted 85% of all card fraud.

We find that CNP fraud is dominated by cyberattacks, such as social engineering fraud, sometimes in collaboration with account takeover attacks, chargeback fraud, and friendly fraud. Unfortunately, these types of fraud are becoming increasingly difficult to detect and prevent. Traditionally, they’re a result of clunky authentication methods, such as email or SMS OTP, that are easy to hack but at the same time inject high amounts of friction into the cardholder’s purchasing journey, eventually leading to high levels of cart abandonment.

On the other end of the scale, ‘zero friction’ also has its downsides — ultimately leading to bad consumer experiences and abandoned carts. This is especially prevalent in markets such as the US, where 3D Secure is not yet widely adopted. In these markets, issuers have implemented rudimentary transaction risk scoring on the authorization leg of the financial transaction. And in cases where the transaction falls outside of the bounds of the consumer’s basic behavioral scope, the transaction is immediately declined, adding to the high rate of false declines.

In some cases, the issuer sends the cardholder an SMS to confirm whether the declined transaction was valid or not. In other cases, it is up to the cardholder to phone the issuer and report a falsely declined transaction. In both these scenarios, the consumer is left to perform the purchase again to achieve their initial goal. This creates major, unnecessary friction that could have been mitigated by intelligent, active authentication, allowing the cardholder to authenticate the transaction in the flow of the purchase, removing unnecessary friction.

A more modern approach — with acceptable friction — delivers an in-purchase-flow authentication experience built on the 3D Secure protocol, allowing merchants to request cardholder authentication from their issuers. This occurs silently with the use of risk signals or with secure authentication methods, such as in-app mobile authentication or FIDO, creating safe and secure cardholder experiences.

However, creating authentication experiences that are intelligent enough to introduce the least amount of good friction — only when necessary and in a way that boosts confidence and security — is not a given.

Which is where we come in…

Entersekt focuses on providing an EMV 2.2 certified access control server (ACS) that enables modern cardholder authentication experiences through built-in end-to-end OTP, app-free and in-app authentication journeys. Not only does our 3D Secure ACS enable issuers to choose their own journeys for their customers but also gives them full control of the user experience through self-service configuration options.

What’s more, unlike other ACS providers, Entersekt offers their customers the flexibility to choose between client-hosted or SaaS deployment options depending on their unique requirements. Our only question: our cloud or yours?

With simple, configurable self-service cardholder authentication journeys, utilizing modern authentication technologies and real-time API integration, issuers can personalize each cardholder transaction. The result — improving authentication success rates by 54% and achieving market-leading approval rates in excess of 90%.

At Entersekt, we offer financial service providers (FSPs) a data-open approach, providing them with access to a rich set of data on consumer behavior, merchant and transactional attributes, risk attributes, and the authentication outcome of transactions. This provides deeper insights into their cardholders’ behavior, driving better, more informed business and fraud mitigation decision making. With a data-open approach, we extend the value of our offering beyond a good payment authentication experience for cardholders, fraud prevention, and cost savings, to supporting business development, and ultimately helping our customers leverage data to drive more successful e-commerce experiences.