3DS2: perfecting the balance between security and convenience

When it comes to usability in the payments industry, customer experience and security always seem to be at loggerheads with one another. The delicate balance between the two whereby both can exist in perfect harmony is talked about in the same wistful tones as the legendary pot of gold at the end of the rainbow. In a world where technology is so advanced that we believe shooting a car out of the earth’s atmosphere to Mars is achievable – why is this balance so hard to reach?

Enter 3DS2. Apologies in advance to those people out there who would immediately comment to correctly point out that it isn’t called 3DS2. However, as a blanket term for the latest instalment of 3D Secure technology, you have to admit, it does the trick. 3DS2 arrived with the intention of closing some of the gaps that fraudsters love to exploit, whilst reducing the friction associated with Card-Not-Present (CNP) payments, and as it stands today, 3DS2 is a leading contender in the convenience versus risk balancing act.

In addition to fraud, one of the biggest pain points for merchants when it comes to CNP payments is basket abandonment. The concern is that the more authentication a shopper needs to provide, the less likely they are to complete the transaction. Ample statistics back this up: the more a shopper’s user experience is disrupted, the less happy the customer, and as we all know, having unhappy customers doesn’t equate to increased sales.

Customer authentication requirements for PSD2 (and for good general security practices) dictate two-factor authentication, or as it is more commonly known in this context, Strong Customer Authentication (SCA). This is made up of two of the following three actions: providing something you are (biometrics), something you have (card number or equivalent identifier) and something you know (password or PIN).

With 3DS2, this is no longer the case. The introduction of frictionless authentication as an additional option for risk mitigation means compliance can still be met, with less input from the consumer.

With enhanced data sharing, merchants and issuers can exchange greater contextual data to verify a consumer’s identity (transaction history, shipping address, device data, etc.), avoiding the need for consumer interaction for trusted transactions. Risk-based authentication means that customers only have to go through additional security if a certain level of risk is identified. With more control over the level and type of customer authentication and more data for analysis that can be shared with issuers, version 2.0 offers a seamless and secure customer experience, twinned with a massive reduction in false declines and fraudulent activity.

Removing the need to rely on human memory is most certainly a giant step towards a frictionless user experience becoming a reality. In today’s modern age, it almost seems archaic for merchants and shoppers to have to make compromises, and now with 3DS2, they don’t have to.