3DS 2.0 Expands Card-Not-Present Fraud Protection to Mobile Payments

EMVCo 3DSecure 2.0Fifteen years ago, Verified by Visa was introduced as an additional security layer to protect online merchants, card holders and card issuers against online fraud. Today, each of the major card brands has its own 3D Secure (3DS) solution. While proven effective at reducing card-not-present fraud, 3DS has not been widely adopted by online merchants in the U.S. According to the “Annual Fraud Benchmark Report: North America Edition 2016” from CyberSource, only 23 percent of online merchants surveyed currently use 3DS as a fraud prevention tool.

That same survey also found that when it comes to employing fraud prevention tools, 3DS is the one most considered, with 20 percent planning new 3DS implementations. Why the increased interest? Up until October, merchants may have felt the fraud prevention provided by 3DS did not outweigh the customer inconvenience and possible lost sales. Requiring a cardholder to register a card, remember and enter a password — and/or wait for an SMS message with an authorization code — could lead to increased cart abandonment, with customers choosing to purchase elsewhere. The U.S. introduction of EMV “chip” cards, which are almost impossible to counterfeit, is one of several events causing fraudsters to shift their focus to online vulnerabilities, thus increasing the need for more detection and prevention. You can read more about the overall increase in online fraud here.

3DS may be the best solution to prevent card-not-present fraud on transactions made in an online browser, but what about mobile payments? Consider just a few mobile payment statistics and projections:

  • By November 2016, 42 percent of e-commerce purchases will come from mobile devices. – Bizrate Insights
  • In 2016, 51.8% of travelers who book trips via digital means will do so using a mobile device; in 2017, it will be 59.2 percent. — eMarketer
  • 48 percent prefer paying by phone as opposed to cash or credit card. – Chase survey of 1,500 adults
  •  Almost half of retailers say that (up to) 50 percent of their web sales come directly from purchases consumers made on apps. – Urban Airship (UK)

As more and more payments are made via mobile device — whether in-app, on a mobile website or as a digital wallet —the need to prevent card-not-present fraud extends beyond purchases made using an online browser. That’s why EMVCo was selected in November to advance and manage 3DS 2.0, an effort to expand card-not-present fraud prevention to mobile payments without affecting the user experience.

As a technical associate of EMVCo, mSIGNIA is contributing our experience and technology to help develop 3DS 2.0 specifications to support mobile payment fraud prevention while providing a more intuitive customer experience to encourage adoption. We recently joined payment industry stakeholders in Copenhagen for the EMV Users Meeting and two-day 3DS 2.0 workshop where we reviewed the initial draft of the mobile SDK final specifications. We will be in Shanghai in September to finalize the specifications, which are expected to be made available on a royalty-free basis to industry stakeholders in 4Q16.

The ultimate goal is to develop a safe, effective and user-friendly method to authenticate cardholders and reduce fraud and its related costs on any payment channel. We’ll provide more updates; in the meantime, you can learn more about EMVCo’s work on 3DS 2.0 by visiting their website.