3D Secure Authentication
There is no doubt that online shopping is easy and convenient, but unfortunately, it can also make credit card fraud easy and convenient as well. Not all online businesses are giants like Walmart or Amazon that can afford state-of-the-art security for their online transactions either. Unfortunately, smaller businesses with less security can also be more vulnerable to hackers penetrating their systems and gaining access to customer's financial data. EMV (chip) cards have made POS transactions more secure by providing single-use tokens for each transaction but they don't do a lot to combat fraud online.
Why is Credit Card Fraud So Rampant Online?
Online purchases are called "card not present" (CNP) transactions. An individual doesn't need an actual credit card to make online purchases, all they need is the credit card information. Unfortunately, while EMV (chip) cards made in-person transactions more secure, the cards themselves still contain static information such as the credit card number, expiration date and CVV number that can be easily stolen and used online. If an online merchant stores that static data, it can be then be stolen in bulk and used again and again. In some cases, hackers may even end up with a wealth of personal information like full names, addresses and phone numbers to accompany the stolen credit card data. Unlike an EMV or digital wallet transaction that generates a single-use token for the transaction, static data can be used again and again for any number of transactions.
Financial data is always most vulnerable when it is transmitted but these days it is just as vulnerable when it is stored improperly. When credit card information is used fraudulently, someone ends up having to shoulder the financial loss. In some cases, it might be the cardholder if the charges go unnoticed. More often than not, however, it is the banks and card issuers that end up holding the bag. If a merchant is determined to not have the proper security protocols in place to prevent fraudulent card usage, they can end up being the ones to sustain the financial loss. In the end, however, it is always the consumer that ends up paying the ultimate price in the form of higher prices, fees or interest rates to offset the losses to banks and merchants.
3D secure authentication was established to help smaller online merchants that may not be able to provide the same level of transactional security of many of the retail giants. 3D secure authentication protects the merchant, the consumer and the card issuer.
How Does 3D Secure Authentication Work?
3D secure authentication is somewhat akin to tokenization. Rather than the merchant themselves collecting financial information, which they are then responsible for storing properly, the merchant sends the consumer directly to the card issuer's website. There, the customer securely logs into the card issuer's site, where they authorize the transaction. The card issuer then approves the transaction without any financial information being divulged to the merchant. In theory, it works similarly to a customer and merchant walking into a bank together. The customer gives the bank their account information and the merchant gives the bank theirs. The bank then transfers the funds directly from the customer's account to the merchant's account without any financial data being exchanged between the customer and the merchant.
Both the customer and the card issuer have the security of knowing that the merchant does not possess any of the customer's financial data and the merchant does not have the responsibility of protecting that financial data. The financial responsibility for the transaction also transfers from the merchant to the card issuer, so if there is any fraud involved, the card issuer is responsible not the merchant.
3D Secure Authentication Also Cuts Down on Chargeback Fraud
Chargeback fraud is also another common type of credit card fraud that is sometimes even called "friendly fraud." In some cases, a customer may decide they don't like or want the merchandise or service they purchased. Instead of taking the merchandise back or contacting the merchant to cancel and requesting a refund (or if the merchant won't give them a refund) they will simply call the card issuer and claim they did not authorize the charge in the first place. In most cases, card issuers will side with the consumer (their customer) rather than the merchant. When chargeback fraud occurs, it is generally the merchant that ends up suffering a financial loss. If a merchant experiences too many chargebacks, the card issuer may simply decline to continue doing business with them. Since customers actually have to log in to the card issuer's site in order to complete a purchase with 3D secure authentication, they are less easily able to claim they did not authorize it.
Ready for the next step?
Spot user behaviors and device information that’s suspicious, and stop those fraudsters in real time. We track billions of devices and our fraud analysts add evidence to make this intelligence even more effective.