19 February 2018
Hannah Preston


Hannah Preston - CA

6Posts 32,535Views 2Comments

The cold hard truth about 3DSecure

01 September 2016  |  5826 views  |  2

Even protocols whose mission and process remain the same need updating

In the world of online commerce, customer confidence is incredibly important. In the early days of the internet, 3D Secure was one of the most significant drivers of consumer confidence and eCommerce growth.

3-D Secure helped to instill trust and confidence in consumers who wanted to shop safely on-line, and also offered an established recourse process if there was any dispute with the merchant. Commercially 3-D Secure has significant benefits. Not only is the cost per transaction much less, merchants also benefit from a shift in liability.

3D-Secure recently described by a large gaming operator "As a merchant, why wouldn't you push all transactions through 3DSecure? It's cheaper and defers fraud liability. It's a no-brainer" yet purposefully do not process transactions being made via a mobile device through 3DSecure.  

So what's the problem?

3D Secure was originally invented in 2001; the first iPhone went to market in 2009. We can see the problem right here. The original protocol was never designed with the proliferation of mobile in mind.

As every organization with a desire to compete in the application economy undergoes a digital transformation, they embrace the mobile world and engage their customers who are using new devices and platforms.

Although the 3-D Secure industry has implemented solutions to improve the customer journey for mobile, like risk-based authentication and reconfigured customer facing pages, 3-D Secure was never designed for mobile devices. 

The journey for customers using a mobile device for eCommerce is typically faced with a poor and less-desired experience. Merchants are desperate to offer customers 3-D Secure security via mobile, to take advantage of the preferred transaction rates and liability shift. Merchants have a simple need to process a transaction as quickly, simply and cost-efficiently as possible.

Good news! There is a solution and it's due to arrive in the market very soon       

A huge project is in progress, which involves the entire payment security industry including, merchants, issuers, technology vendors, and card schemes collaborating to design the next generation 3-D Secure protocol.

The new design will address the poor experience on smartphone devices, integrate mobile wallets into the equation, as well as in-app transactions. EMVCo is due to release details of the new specifications in November of this year. Merchants and consumers alike are looking forward to seeing a much-needed improvement in the mobile experience.

Having seen early prototypes and doing a lot of personal research I can say the new solution focuses on simplifying the customer experience dramatically. 

TagsMobile & onlinePayments

Comments: (4)

Arnab Sinha
Arnab Sinha - Accenture - Amsterdam | 02 September, 2016, 10:44

Nice post, Hannah. However, must point out that the bigger problem with 3D Secure today is that the user experience is tremendously clunky and leads to the majority of the shopping cart abandonments. For an online merchant, the pains of lost sales more often exceeds the benefit of liability shift and reduced interchange. Mobile friendly checkout wil not do away with these fundamental issues.Use of biometrics/touch id as the additional authentication factor can probably help. What do you think?

1 thumb up! 1 thumb up! (Log in to thumb up)
Hannah Preston
Hannah Preston - CA - London | 02 September, 2016, 11:05

Arnab thank you for taking the time to read this post and comment.

Abandonment in the UK is minimal these days, as most issuers are taking a risk based approach typically 90% of transactions are processed without the need to authenticate with a password and this is becoming more widespread globally. Biometrics are in scope for the new protocol Mastercard already supports selfies.

The new protocol promises to be much more flexible than the existing protocol to accommodate modern methods of authentication. The holy grail, however, is using the data to make very accurate risk-based decisions. Any friction to the transaction creates an abandonment risk.

I'd love to share more with you, but I'm limited what I can say until EMVco release specifications later in the year. I anticipate there will be a lot of information available at the begining of next year. I'll definetely look to share what I can to help the industry plan, and realise the value.   

2 thumb ups! 2 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 02 September, 2016, 13:39

The program is getting a minor upgrade this year, yes. But it's still a very out of date to newer technologies. It will help cut down on the frictionless flow because we are able to submit more data for risk review but 90% would be nice here in the USA. Instead we are seeing 60-70%. They still want to see a really out of date iframe for a challenge and also still need the banks to participate and update their experience. All in all it is a step in the right direction. 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Hannah Preston
Hannah Preston - CA - London | 02 September, 2016, 13:42 The US is poor in it's adoption of risk based, most issuers are still challenging 100%. My colleagues are working hard to educate the industry in the US.
Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Latest posts from Hannah

Smartphones, Strong Authentication and Cardholder Expectation

22 November 2016  |  6200 views  |  0 comments | recomends Recommends 0 TagsSecurityPayments

The cold hard truth about 3DSecure

01 September 2016  |  5826 views  |  2 comments | recomends Recommends 2 TagsMobile & onlinePayments

Biggest change to 3D Secure in a decade

04 May 2016  |  3114 views  |  0 comments | recomends Recommends 0 TagsPaymentsEBAday

Worried about SIM Swap read this

17 April 2016  |  5453 views  |  0 comments | recomends Recommends 0 TagsSecurityTransaction banking

Hannah's profile

job title Payment Security Strategist
location London
member since 2016
Summary profile See full profile »
Now Solution Strategist at CA Technologies, a global firm bringing software solutions to the banking sector, Hannah has a background in Behavioural Analytics. She has quickly become key to the team at...

Hannah's expertise

Member since 2016
6 posts2 comments
What Hannah reads
Hannah's blog archive
2016 (6)

Who's commenting on Hannah's posts