What is 3D Security and How to optimize for 3DS success rate in Europe?

The rapid expansion of digital transactions across diverse industries has driven an extraordinary uptick in online financial operations, necessitating the implementation of stringent payment security measures.

One of the key systems aimed at enhancing payment security is 3D Secure (3DS), a security protocol designed to authenticate cardholders during e-commerce transactions, which plays a critical role in reducing fraud and ensuring the security of online payments.

In the ever-evolving world of online payments, the importance of optimizing the success rate of 3D Secure (3DS) cannot be overstated.

In this blog, we will delve into the intricacies of 3DS, focusing on the European context, and explore how merchants can enhance their 3DS success rates.

 How does 3DS authentication work?

Online transactions have become the staple of modern commerce, and with convenience comes the need for elevated security.

At its core, 3D Secure is an authentication method designed to add an extra layer of security to online transactions, visualized as an extra checkpoint in the payment process.

Here's a more detailed breakdown of how it works:

1. Payment Details Entry: The customer initiates the transaction by entering their payment details during the checkout process on a website or app.
2. Redirection to Card Issuer: Next, the customer is redirected to the 3D Secure web page of their card issuer.
3. Authentication Code Entry: The customer enters a one-time authentication code or password as requested by the card issuer.
4. Verification and Approval: The card provider verifies the entered details, and upon successful authentication, the payment is approved.
5. Return to Payment Page: Once approved, the customer is directed back to the main payment page, allowing them to complete their purchase.

It's worth noting that in some cases, there may be no need for the customer to enter any password or authentication code. Instead, the bank or card issuer can automatically verify the transaction, making the process even smoother.

What are the Key Performance Indicators for 3DS Optimization?

• Authorization Vs Authentication

Before we dive deep into the intricacies of 3DS optimization, it's crucial to differentiate between authorization and authentication. 

The authorization rate is the percentage of transactions that successfully obtained approval for access rights, while authentication refers to the percentage of 3DS transactions that are effectively authenticated.

Tracking both auth and authentication rates is crucial for a merchant to understand the health of their payments and devise a suitable strategy to optimise their 3DS.

• Error Reasons for 3DS  Authentication Failure  

According to a recent report by Ravelin, Analysis of millions of global business transactions reveals 22% of payments are lost when authenticated using 3D Secure.  

Authentication failures are common hurdles in the 3DS process, and they can occur for various reasons. Identifying these error reasons is a fundamental step in improving success rates. Common authentication failure errors are:

- Incorrect cardholder data.
- Technical glitches.
- Unresponsive cardholders.
- Cardholders declining the authentication.

By identifying and addressing these errors, businesses can take a giant leap towards improving their 3DS success rates.

• Segment 3DS Transactions

  1. MIT (Merchant Initiated Transactions) vs. CIT (Customer Initiated Transactions)

Whenever a transaction takes place it could either be MIT or CIT. MIT transactions (or frictionless flow) occur when merchants trigger the authentication, while CIT transactions (or challenged flow) necessitate customer authentication.

Segmenting transactions based on MIT and CIT helps businesses tailor the 3DS authentication approach to the specific risk profile of each transaction type and identify the bottleneck in your funnel, effectively.

Let’s understand it better with an example - Let’s assume 80% of your transactions are 3DS transactions and the rest are non-3DS transactions, out of the overall transactions:

Out of which: 

1. 50% is MIT (Let’s consider the MIT to be at 100% as it’s a frictionless flow)
2. 50% is CIT (Out of these CIT, the auth rate is 30% whereas declines are 20% since it’s a challenged flow, which could be due to multiple reasons such as card expiration or so on.)


This indicates that your CIT auth rate is 60% and you’re facing a 40% failure on the overall 3DS transactions. Suppose your overall 3DS authentication rate is 80%, which is a seemingly healthy figure at a surface level. However, once you delve deeper, after excluding MIT transactions, as there’s no challenge involved, you may discover that the 3DS authentication rate on CIT is considerably lower than anticipated.

2. The Performance of 3DS Versions

3DS has changed over time with different versions. Each version has its own set of rules and features, which offers a more enhanced security and user experience. 

To optimize 3DS success rates, merchants should pay attention to the version they are using and understand the specific nuances associated with it.

By ensuring that their systems are up to date with the latest 3DS version, you can improve their authentication success rates and enhance the overall payment experience.

3. 3DS Authentication by Platforms

The platform chosen for 3DS authentication—web or app—can significantly affect success rates. Customers may encounter different challenges and experiences when authenticating via a web browser compared to a mobile app. To optimize success rates, businesses must tailor their authentication processes for both web and app channels.

Understanding the disparities in performance between web and app authentication empowers businesses to make targeted improvements and enhance success rates across all platforms.

4.  Challenge Flow vs. Frictionless Flow

Challenge Flow involves additional authentication steps, such as one-time passwords or biometric verifications. It is typically used for transactions with higher perceived risk. Whereas, Frictionless Flow, in contrast, is designed for low-risk transactions, where minimal or no additional authentication is needed.

In a nutshell, segmenting 3DS transactions based on MIT vs. CIT and Challenge Flow vs. Frictionless Flow allows businesses to tailor their authentication methods to specific transaction types, optimizing both security and user experience as well as identifying which type of transaction has better authorization rates, which eventually helps shape the business model.

• Addressing Abandonment in Challenge Flows 

One of the key performance indicators in 3DS optimization is the abandonment rate for challenge flows. This metric measures the percentage of customers who abandon their transactions when faced with additional authentication requirements.

A high abandonment rate indicates that the authentication process is causing too much friction, potentially leading to lost sales. Reducing the abandonment rate for challenge flows should be a top priority for merchants.

Here are some of the ways through which you can better understand the impact and enhance the overall 3DS success rate.

1. Improving User Experience,
2. Offering Alternative Payment Methods and
3. Optimizing Authentication Processes.
4. Using Delegated Authentication Services - To standardize the authentication process across devices and processors.

• Performance Across Issuers, Schemes, and Processors

Grasping the nuances of transaction declines in 3DS is essential for businesses. 

By scrutinizing declines from major card schemes like Visa, Mastercard, American Express, and UnionPay, companies can identify root causes such as authentication errors or network issues. 

This understanding is vital for implementing strategic adjustments—whether through technical improvements, collaboration with card networks, or refining payment acceptance policies. 

Similarly, a targeted analysis of declines by issuer banks provides a clear perspective on top contributors, enabling businesses to implement precise solutions that strengthen the payment chain and improve authorization rates.

To optimize 3DS success rates, businesses need to delve into this on a granular level, requiring a comprehensive perspective on the performance of these insurers, schemes, and processors, among other dimensions.

3DS authentication success can vary based on the issuing bank, payment scheme, and payment processor involved in the transaction.

Analyzing data across these dimensions empowers merchants to pinpoint partners with consistently high success rates and make well-informed decisions.

inai offers pre-built solutions that not only deliver in-depth visibility but also actionable insights on how to fine-tune and maximize your payment processes and optimize payments and take some concrete actions.

• Leveraging 3DS Exemptions 

While optimizing 3DS success rates is essential, it's equally critical to leverage Strong Customer Authentication (SCA) exemptions in Europe. Exemptions are a valuable tool in 3DS optimization.

3DS exemptions offer relief from authentication for certain transactions based on specific criteria. When certain conditions are met, transactions may qualify for exemptions, meaning they can bypass the authentication process, leading to a more streamlined customer experience.

These exemptions are rooted in various criteria and reasons, each catering to different aspects of the payment ecosystem:

• Low Value: Transactions below a certain value threshold may be exempt from authentication.
• Low Risk: Transactions considered low-risk based on various factors may not require authentication.
• Trusted Beneficiaries: Certain beneficiaries or recurring payments can be exempted.
• Corporate Transactions: Business-to-business transactions may be exempt from authentication.

Monitoring and optimizing the use of exemptions can improve the success rate of 3DS transactions.

Conclusion

3DS is a cornerstone of secure online transactions in Europe. Optimizing 3DS success rates is a multifaceted challenge given the intricacies of the payment ecosystem.

inai offers comprehensive visibility into your entire stack, allowing you to assess your payment performance, and enabling real-time understanding of authorization and authentication metrics.

To gauge the health of your 3DS, it's essential to measure specific metrics and analyze the reasons for authentication failures, including segmentation for transactions. A comprehensive assessment extends to evaluating performance across issuers, schemes, and processors and beyond, so it’s essential to gain a holistic understanding of your 3DS system.