Combating Fraud While Creating a Frictionless Payment Experience
by Fintech News Singapore May 6, 2022Online shopping, which was already experiencing massive surges prior to the pandemic, added hundreds of millions more e-commerce customers over the last two years, as both merchants and buyers pivoted online to survive while social distancing.
A Google-Bain report found that Southeast Asia alone added 70 million new online shoppers, from early 2020 to mid-2021. The figure now is definitely higher. The report predicts the number of online shoppers in Southeast Asia to reach 380 million by 2026.
And with super-apps such as Shopee, Lazada, Grab and Gojek offering users enticing users to their e-wallets with discounts and point perks, card issuers such as Visa have noticed Card Present sales underperforming compared to Card Not Present (CNP) sales such as QR codes and e-wallets.
Unfortunately, this same ease-of-use and speedy checkout times of QR codes and other CNP sales options have made the vast number of new online shoppers easy targets for cybercrime or fraud attacks.
While phishing schemes accounted for 14% of fraud in 2021, cyber criminals have also evolved – recent tactics include brand abuse and rogue mobile apps that imitate a legitimate company to gain users’ personal data, log-ins, and credit card information.
Along with a surge in e-commerce, there has been a marked rise in sophisticated fraud, such as synthetic identity and account takeover. Online payment fraud losses are expected to exceed US$206 billion over the next five years and will be driven by identity fraud, according to Juniper Research.
In response to increased sophistication from fraudsters, the old protocol of authenticating card payments – 3D Secure (3DS) 1.0 – has also evolved to better combat fraud in a mobile-first environment.
What is 3DS2.0 and How Does It Prevent Fraud?
Since the 3DS1.0 protocol was introduced 16 years ago to verify card payments online i.e. sending an OTP via SMS, customer expectations on the speed of the online checkout process have risen dramatically.
The 3DS1.0 and its subsequent variations were incredibly cumbersome due to the use of pop-ups and even irritated users to the point of them abandoning the checkout process in addition to often being not compatible for mobile phones.
The new 3DS 2.0 protocol is distinctly mobile-friendly, and promotes speedy and easy authentication for mobile-first e-commerce activities, thereby combating fraud while creating a frictionless shopping experience.
With the addition of an SDK (software development kit) component, the card payments authentication process is comprehensively integrated with mobile apps. Similar to an API (application programming interface), with 3DS2.0 merchants can ensure that the authentication process looks and feels consistent with the rest of the app.
3DS2.0 dramatically improves mobile-first users’ shopping experience, while incorporating biometric authentication within e-commerce apps as a security measure.
However, to promote ease-of-use, the merchant’s platform will only require additional authentication if the risk is high – only triggering with a small percentage of the transactions. Thus, unlike 3DS1.0, the authentication activity via 3DS2.0 is invisible to cardholders.
image from Pixabay
The Clock is Ticking: Why Card Networks Are Sunsetting 3DS1.0
2022 will be the last year 3DS1.0 will be widely used, as major card issuers such as Visa and Mastercard will be discontinuing support or “sunsetting” 3DS1 effective October 2022. For the Visa network, there is already no more payment guarantee for transactions authorised with 3DS1.0. By October 21, 2022, secure payments must use the 3DS2.0.
Meanwhile, by October 14, 2022, Mastercard will no longer process 3DS1.0 transactions for cardholder authentication. Any transaction submitted to the Mastercard 3DS V1 directory server will result in the network refusing the transaction.
Major card networks are pulling support for 3DS1.0 because they recognise that authentication measures must be upgraded to combat the more sophisticated cyber crime and fraud methods that are impacting e-commerce sales and eroding consumer trust in online payments.
Today, it is vital to have the most up-to-date protocol to guarantee safe and fast shopping, high conversion rates, thereby resulting in a frictionless shopping experience. Furthermore, merchants and issuers alike are set to enjoy increased revenue through higher approval rates via 3DS2.0’s intelligent risk management.
How To Quickly Upgrade to 3DS2.0
With the deadline for the shift to 3DS2.0 looming, Asian issuers and acquirers need to shift or update their 3DS infrastructures quickly and seamlessly to avoid getting left behind in the digital payments space. Fraudulent transactions can easily erode years of trust and loyalty built up with customers, and result in heavy losses.
Fortunately, the transition to 3DS2.0 can be completed easily with Netcetera’s suite of secure digital payment services, built on 15 years of experience. The Swiss-based software company is the 3DS market leader in German, Austria, and Switzerland – key EU and global financial hubs – and is now bringing its authentication expertise to Asian card issuers and acquirers.
Mindful of the October 2022 transition deadline, payments players have looked to Netcetera to accelerate their payment security to be 3DS2.0-compatible, such as innovative global payments solutions platform EML Payments (headquartered in Australia with operations in over 27 countries) and Vietnamese e-commerce payments gateway VNPAY.
Netcetera operates a comprehensive and flexible set of 3-D Secure services in order to best support card issuers’ and banks’ needs and requirements in a fast changing market.
Netcetera’s comprehensive 3-D Secure portfolio provides individually-configurable customer solutions, helping issuers protect against credit card abuse during online payments and securing online commerce for acquirers.
All Netcetera products already comply with the 3DS 2.0 standard with biometric functions such as fingerprint and the EU’s Payment Services Directive 2 (PSD2) specifications. To find out more, visit Netcetera’s website here.
Featured image credit: Edited from here
