Consumer Authentication Grows Up – 3D Secure 2.0

Oct 28, 2016
Alan Nevels, Senior Vice President of Card Risk and Merchant Services

For nearly two decades, issuers, merchants and acquirers have been forced to rely on imperfect technology in an effort to protect themselves in the ecommerce space. This Consumer Authentication (CA) solution- 3D Secure (commonly known as Verified by Visa and MasterCard SecureCode)-was introduced as one of the greatest authentication tools of its time. Unfortunately, the solution didn’t quite live up to expectations, due to unstable integration, off-putting pop-up boxes that thwarted the online purchase experience, and consumers who could not remember their passwords.

Another initial criticism of Consumer Authentication was that the technology redirected the consumer at the critical point of purchase. And consumers, who were unfamiliar with this authentication practice, became confused or annoyed and abandoned the transaction.

Merchants Give Consumer Authentication Another Look. With card-not-present fraud on the rise, thanks to the ongoing spate of data breaches and adoption of EMV, there is renewed interest in online authentication solutions.

Presently, only about 18 percent of U.S. ecommerce traffic runs through the 3D Secure rail, but that is a number that has actually tripled over the last three years, according to the Aite Group.

Another study conducted by CardinalCommerce, a firm that specializes in mobile commerce and payment solutions, also found a positive shift in perceptions and sentiments towards Consumer Authentication technology.

Driving the renewed interest in Consumer Authentication technology, are new authentication practices that rely less on fixed passwords and more on dynamic one-time pass codes that are sent to the consumer via mobile phone or email, and device location ID via IP address or computer location. The new and improved, 3D Secure 2.0, allows authentication to work in-app, in the digital payments space and in-browser.

Merchants also now have the ability to take a selective approach to Consumer Authentication, such as only asking for validation for overseas purchases, versus having every transaction validated. For the consumer, this all leads to a more secure, satisfying experience.

Industry players take heed. As interest in Consumer Authentication grows, industry players are paying attention. Late last year, MasterCard announced a new mobile technology, Identify Check, that allows Consumer Authentication for online purchases using selfies or fingerprints. 

EMVCo. (a global technology-standards unit controlled by Visa, MasterCard, and four additional networks) is also set to launch a more refined Consumer Authentication tool.

A Layered Approach to Fraud Prevention. For issuers and merchants, the best strategy for effective fraud prevention is still a layered approach. Criminals act much different at the point-of-sale than the average consumer. By examining consumer behavior, adopting EMV, and harnessing the power of advancements in Consumer Authentication technology, merchants and issuers will have a clearer picture of transaction risk.