With a global e-commerce market value nearing $5 trillion in 2021, online shopping is no longer a short-lived trend but the norm. The advance of widespread internet connectivity combined with the proliferation of mobile devices has increasingly driven consumers to shop online in recent years. Now, amplified by the need for safety in the wake of a global pandemic, retailers have seen an unprecedented surge in e-commerce sales with U.S. consumers spending $791.70 billion online in the U.S. in 2020, up an incredible 32.4% from $598.02 billion the prior year.
However, this positive market growth also comes with increased rates of fraud. E-commerce fraud is expected to surpass $20 billion in 2021, a Juniper Research report found. Juniper Research report found. This loss would represent an 18% increase, compared to the $17.5 billion recorded last year.
Created as a response to online fraud, 3-D Secure (3DS) is a security protocol introduced by Visa over a decade ago for card-not-present transactions. This technology made it possible to authenticate cardholder identities in real time during the checkout process. With the advances in technology and fraudster tactics, however, the industry soon saw the need to update the original protocol and launched 3-D Secure 2.0 (3DS2).
The contents of this whitepaper look at the changing world of taking online payments and the cybersecurity risks involved. We will examine how 3DS2 improves upon 3DS, how the 2.0 version works, and the benefits it provides to merchants — including a reduced risk of chargebacks, an enhanced customer experience, and increased sales. But before we explore these concepts, it’s important to understand how e-commerce and payment technology are evolving.
The Changing World of E-Commerce
The founding of Compuserve in 1969 marked the official launch of the first e-commerce business. However, e-commerce, as we recognize it today, has been in existence since the early 1990s with the introduction of the World Wide Web and the first online purchase made on NetMarket.
To say e-commerce has grown since those days would be an understatement. A decade ago, e-commerce accounted for around 7% of total U.S. retail purchases. Today online sales represent nearly 20% of spending through all channels.
In addition to the recent pandemic, the massive growth of online sales can be attributed to other factors such as the increased usage of mobile devices and the creation of the digital wallet. In just a five-year period from 2016 to 2021, the number of smartphone users has increased by an incredible 73.9 %, while the number of consumers using digital wallets hit 2.8 billion at the end of 2020. And with convenience as a key benefit for shoppers, it’s estimated that 60% of the world’s population will use digital wallets by 2025.
Today’s consumers can easily browse e-commerce sites from a desktop or mobile device and then use their digital wallet to check out. Without the need to key-in credit card details, it’s much easier for consumers to make payments online – purchases can now be completed with only a few clicks. This reduction in “friction,” or barriers that would make a sale more difficult, is a trend many merchants are catering to in order to increase sales. In fact, research from Baymont suggests that just by improving the checkout design, the average large e-commerce site can gain a 35.26% increase in conversion rate.
These advancements in payment technology and the resulting changes to consumer behavior have created opportunities for other players beyond merchants. Online criminals have made it their mission to find vulnerabilities in the payment flow. While e-commerce sites, mobile devices, and mobile wallets offer many security benefits — such as tokenization, point-to-point encryption, and fraud filtering — online fraud continues to be a threat to the e-commerce ecosystem as attackers find new ways to defraud banks, businesses, and consumers.
The Growing Threat of Online Fraud
As e-commerce shopping grows in popularity, fraudsters are increasingly targeting these more vulnerable card-not-present (CNP) transactions. In the first four months of 2021, the United States saw a 25.07% increase in the number of digital fraud attempts, compared to the last four months of 2020. The same TransUnion report indicated that digital fraud attacks against financial services companies increased 109% in the United States during the same time, and globally the total was up 149%.
Without the presence of a physical card, these attackers aren’t bound by the security checks found when completing traditional in-person transactions, such as the EMV standard that authenticates cardholder identity based on a chip and PIN system. In the late 90’s, it was relatively easy to steal a credit card number and use it to buy whatever you wanted online. And even when additional data points were collected to authenticate transactions, such as CVV numbers and cardholder addresses, criminals still found methods to skirt the system. The industry addressed this concern by introducing 3DS — a security protocol developed specifically for e-commerce.
A History of 3-D Secured
3DS technology was first developed in 1999 by Arcot Systems (now CA Technologies, a Broadcom Company) as a way to prevent unauthorized credit card transactions made online. 3D stands for “three domains.” The first domain is the card issuer, the second is the retailer receiving the payment, and the third is the 3DS infrastructure platform that acts as a secure go-between for the consumer and the retailer.
Visa was the first of the card brands to deploy 3DS technology, with the introduction of Verified by Visa in 2001. The other card brands followed suit, rolling out their own branded solutions like Mastercard SecureCode and American Express SafeKey. All of these solutions have improved e-commerce security by requiring more than just a credit card number, CVV, and address to make an online purchase. During the checkout process, the cardholder is redirected to the issuing bank’s website where they are asked to provide proof of identity by entering a unique password, an SMS code, or a temporary PIN. If the authentication process is successful, then the buyer is redirected back to the merchant’s site for payment confirmation.
Challenges Arise for 3-D Secure: An Impossible Balancing Act Between Security and Checkout Experience
While the original 3DS technology added extra security through its authentication process, it also introduced friction to the checkout experience. Payment flows that utilize 3DS often create a disjointed experience by redirecting the shopper to another website, potentially causing confusion or frustration. This protocol requires more time and interaction for the shopper that can result in shopping cart abandonment.
Additionally, since 3DS pre-dates the rise of mobile device usage, it was not designed with mobile payments in mind. In the United States, approximately 40.1% of consumers use their smartphones to make purchases, and 44% of Generation Z use mobile wallets as their preferred form of payment method. With 3DS, the necessary authentication pages or pop-up screens were not optimized for a mobile experience. The older security technology combined with new devices made for a frustrating shopping experience — including pop-ups that couldn’t be seen on smaller screens or the need to search for and input detailed card verification data. In some cases, the resulting fragmented experience left the shopper fearful that the authentication process itself was a scam attempt. And considering that nearly twice as many consumers abandon their cart on mobile devices compared to consumers shopping on a desktop, merchants were left in quite the quandary: how to balance security with convenience in order to avoid lost sales.
Payment Security for the New World of Card-Not-Present: Introducing 3-D Secure 2.0
With security and customer experience at odds with one another, a new security protocol was needed to address the inherent issues with 3DS, as well as the challenges that arose from the advent of mobile payments. A new and improved protocol was borne when EMVCo launched 3-D Secure 2.0 (3DS2) in
2016. 3DS2 embeds the authentication process and relies on a greater volume of data to verify cardholder identities in real-time — without the use of redirects that delay checkout.
3DS2 Improvements That Make The Difference
Several notable improvements were made to the original 3DS technology in order to better prevent fraud while reducing the rate of cart abandonment. 3DS2 collects and cross-references a greater number of data points, eliminates the need for pop-ups and redirects, and offers compatibility for mobile commerce. Let’s explore these improvements in more detail:
- Greater Number of Data Points For Authentication
The original 3DS security protocol didn’t pass along as many data points as the current version, which meant that the customer more often had to fill in the gaps and actively participate in the process. By collecting and cross-referencing 10x more data points, 3DS2 improves the reliability of authentication and limits the customer’s involvement.
- Embedded, Real-Time Authentication
With the original version of 3DS, customers were more likely to be redirected to a third-party authentication page. As consumers have come to expect a quick and easy checkout, this sort of delay can easily result in confusion and lost sales. With 3DS2, authentication is completed in real-time and embedded in the checkout so that customers won’t have to leave the merchant’s website to complete their purchase.
- Compatibility with Mobile Commerce
With more shoppers utilizing mobile, e-commerce merchants no longer have the luxury of deciding whether or not to design for mobile devices. Optimizing your e-commerce business for mobile sales is a must. As opposed to its predecessor, 3DS2 was designed with mobile devices in mind. By using software development kits (SDKs), merchants can integrate authentication screens within their desktop and mobile sites, mobile apps, or even smart TVs, watches, and gaming consoles. The resulting embedded authentication limits shopper participation during the checkout process and decreases friction for mobile shopping.
How 3DS2 Works
With 3DS2, authentication takes place behind the scenes — usually without the customer’s involvement. The payment gateway passes along customer- and transaction-specific data points to the cardholder’s issuing bank. If the bank successfully verifies the customer’s identity and decides that the transaction poses a low fraud risk, then they authorize the transaction. In the unlikely event that the bank is unable to authenticate the cardholder’s identity with the provided data points, the cardholder may be prompted to enter their preset password for verification purposes.
The 3-D Secure 2.0 Authentication Process
- The customer initiates a transaction online
- The payment gateway passes key data points along to the cardholder’s issuing bank so that they can evaluate risk.
- If the issuing bank successfully authenticates the customer’s identity and decides that the transaction poses a low fraud risk, then the transaction is authorized. This is the case with the majority of 3-D Secure transactions. Note: when this occurs, the merchant is not held liable if the transaction turns out to be fraudulent; the issuer would be liable instead.
- If the issuing bank was unable to authenticate the cardholder’s identity per the above steps, the cardholder will be prompted to provide more information. The issuing bank will then choose whether or not to authenticate the transaction.
Reducing Fraud, Minimizing Chargebacks, and Growing Sales with 3DS2
By utilizing 3DS2 technology, merchants no longer have to choose between safeguarding cardholder data and a frictionless checkout process. 3DS2 technology reduces fraud and chargebacks without compromising on the customer’s experience. By using behind-the-scenes identity verification, authentication can typically be completed without the customer’s involvement. Merchants who implement this technology stand to reap multiple benefits, including:
Fraud Prevention
Authenticating the identity of the cardholder during the transaction process helps to filter out fraudulent purchases and verify the consumer’s active participation in the transaction. As compared to the previous security protocol, ten times more data points are used as a means of determining if the transaction should be approved or if it cannot be verified as authentic — increasing the reliability of the authentication process as a whole.
Chargeback Protection
In the unlikely event that an authenticated transaction turns out to be fraudulent, the bank issuing the transaction authorization is responsible — not the merchant who accepted the payment. Plus, 3DS2 protocol also helps to protect against “friendly” fraud chargebacks — or chargeback disputes that occur because the consumer wants their money back on a legitimate purchase.
Improved Checkout Experience for Consumers
If authentication is needed, the technology offers a frictionless, customer-friendly approach. The data exchanged within the 3DS2 servers reduces the odds that a customer will need to verify their identity in order for the transaction to go through. It enables merchants to embed the authentication process into the payment flow instead of through the bank’s website.
Increased Sales
By improving the customer’s experience while simultaneously filtering out fraud and authorizing more authentic transactions, merchants can benefit from a reduced rate of shopping cart abandonment and ultimately increase sales.
Getting Started with 3DS2
The benefits of 3DS2 are clear for merchants and consumers alike, and the adoption of 3DS2 is picking up steam in the payment and retail spaces. Now’s the time to start supporting this advanced technology!
If you’re a merchant or developer who’s looking to get started with 3DS2 technology, know that Sola offers the easiest and most cutting-edge path. Choose from our payment gateway integrations for e-commerce sites, or use the PaymentSITE hosted checkout form for a sleek checkout flow that requires zero development work.
The Role of Sola in 3DS2 Authentication
As a payment gateway, Sola supports the technical infrastructure and the relationships required for the secure processing of payment data. The gateway operates as a facilitator between the cardholder’s bank and the merchant’s issuing bank. This central role allows Sola to gather and pass along key data points to the card brand for authentication.
Sola E-Commerce Integrations
Sola is a leader in developer-friendly payment gateway integrations for accepting payments online, in-store, and through mobile devices. Our support for 3DS2 allows you to streamline e-commerce and mobile payment flows to ensure customer satisfaction while safeguarding cardholder data.
The Sola payment gateway was created by developers for developers. Many Sola integrations can be completed with just a few lines of code. To ensure that integration is hassle-free, our white-glove integrations support team is available to assist.
Choose between a full integration of our payment gateway for your website using our powerful API, plugins for popular shopping carts, or a quick migration from an existing solution using our gateway emulators:
Custom Integrations: Our comprehensive SDK provides the tools you need to integrate faster, including a full-stack API that enables deep integration and a custom payment flow.
Plugins for Popular Shopping Carts: Sola provides easy-to-use plugins for WooCommerce Magento, and other leading online shopping carts. Using our proprietary iFields solution, sensitive card data completely bypasses the host server, significantly reducing your PCI scope and liability.
Gateway Emulators: Our gateway emulators will translate your existing gateway’s API into Sola API so that transactions can be routed through your gateway to Sola — without the need for a full integration. Simply change the gateway URL to the Sola endpoint and get up and running fast.
PaymentSITE Hosted Payment Form
Start accepting secure payments online without writing a line of code or dealing with security and hosting challenges. Sola’s hosted payment form tool, PaymentSITE, makes it easy to build customizable forms for accepting payments. PaymentSITE streamlines payment requests for donations, deposits, and invoices by giving you the capability to email your payment form, share it using a unique URL, or embed it into your webpage. Features of PaymentSITE include the ability to:
- Customize required fields for billing, shipping, and transaction info
- Support mobile wallets for one-click mobile commerce
- Curb fraud and simplify PCI compliance using robust data tokenization
- Prompt consumers to opt-in to recurring payments
- Create consistent branding with a logo upload tool
Even More Benefits of Sola E-Commerce Solutions
In addition to industry-leading 3DS2 security, you’ll enjoy access to many added features and benefits to help you streamline invoicing, improve customer satisfaction, and lower costs.
- Gain Greater Control and Efficiency with Split Capture: Rather than having to capture the total authorization amount when shipping out orders, merchants who use Split Capture are able to capture multiple portions of a prior authorization.
- Make Payments Predictable with Recurring Payments: Set up automatic payments with the ability to customize amounts and frequencies.
- Support a Wide Range of Payment Methods: Sola supports credit and debit cards (EMV, contactless, magstripe), mobile wallets, ACH, EBT, and more.
- Provide a Frictionless Checkout with Digital Wallets: It’s easy to make websites mobile-friendly with Sola’s support for digital wallets like Apple Pay and Google Pay.
- Reduce Costs with Interchange Qualification Monitoring (IQM): Sola performs over a dozen checks and routes transactions to minimize fees for merchants.
- Safeguard Your Business with Advanced Security: 3DS2 is just one of Sola’s many security features. We also offer true tokenization that assigns a unique ID for each transaction, as well as fraud filtering that stops fraud in its tracks.
- Simplify PCI Compliance: With Sola, your system never touches actual credit card data, making PCI compliance that much easier.
Adapting to the New Era of e-Commerce
Technology has transformed the way merchants do business and how consumers make purchases. Accepting payments online and through mobile devices has created limitless opportunities for buyers and sellers to connect all over the globe. With this opportunity comes the need to not only protect your business but also the responsibility to safeguard customer data from online criminals — criminals in constant search of ways to exploit vulnerabilities in e-commerce payment processes.
With previous security protocols, this meant sacrificing an optimal checkout experience and in turn, losing out on sales. Today, 3DS2 technology helps to create a frictionless payment experience for consumers without compromising on security.
Sola makes it possible for developers and merchants to implement this advanced, card-not-present technology through integrating with our powerful payment gateway and utilizing our suite of e-commerce solutions. Ultimately, Sola’s support for 3DS2 technology gives our clients the ability to reduce fraud and chargebacks, increase customer satisfaction, and grow online sales. To learn more, visit www.solapayments.com/3d-secure.
Are You a Developer?
Experience the difference of advanced technology designed for maximum scalability along with industry-leading customer support and competitive residuals. Help your customers prepare for the new world of payments, while reaping the benefits of a partnership that puts you and your business first. Learn more at www.solapayments.com/partner-program.
Are You a Merchant?
Experience payments designed to work seamlessly with your in-store, online, and mobile platforms. Solas solutions are designed with both customer and merchant in mind, and offer affordable pricing, advanced security, and customized support. Learn more at www.solapayments.com/merchants.
