The 3D Secure protocol has been much (and somewhat unfairly!) maligned for the negative impact it has on the cardholder's online experience. Requiring cardholders to produce their password each and every time they try to transact on a participating merchant site significantly disrupts purchase flow. Adding friction to the online checkout process leads to cart abandonment, a reduction in card usage and higher operational costs related to lost or forgotten passwords.
However, this view of the protocol fails to acknowledge the fact that vendors, including RSA, have been innovating around the 3D Secure 1.+ protocol over the past years to significantly improve cardholder experience. In turn, cardholders, merchants and issuers alike reap the benefits.
Risk-based 3D Secure is perhaps one of the most impactful innovations around the existing 3D Secure protocol. RSA introduced risk-based 3D Secure in 2004 and since that time has continued to refine our Risk Engine to improve fraud detection rates and reduce false positive rates. In turn, we have maintained average fraud detection rates between 90 - 95% consistently.
With a risk-based approach, only high risk transactions are challenged. With RSA's Adaptive Authentication for eCommerce, the issuer is given full control over the challenge method, typically One Time Passwords (OTP) or on- or off-card data elements. This approach is bringing us one step closer to the "death of passwords" in the 3D Secure ecosystem.
RSA was also one of the first vendors to enable issuers to apply business rules to a 3D Secure transaction. The Policy Manager within Adaptive Authentication for eCommerce allows issuers to enjoy the best of both worlds -the ability to address their business priorities along with industry leading fraud detection capabilities.
Today, RSA is introducing a new analytics dashboard within Adaptive Authentication for eCommerce- the latest innovation for 3D Secure. The portal-based dashboard provides template reports that visualize trends, exceptions and other "smart" data about an issuer's 3D Secure environment.
The analytics dashboard is an impactful innovation as it will allow issuers to better understand their fraud landscape. The ability to analyze challenges and declines along with confirmed fraud by date, portfolio, BIN, merchant and other details provides a much more nuanced view of the fraud landscape. Users can drill in to achieve the desired level of granularity and change the attributes displayed on the fly. They can even change the look and feel.
Knowledge is power - and the new powerful analytics capabilities in Adaptive Authentication for eCommerce enable issuers to make better, data-driven decisions around when and where to leverage the Policy Manager to issue challenges and declines. The analytics dashboard is complementary to the Policy Manager which together allow issuers to achieve a balance between fraud risk and business priorities. On a broader scale, the analytics dashboard provides issuers with the context they need to know where to focus their fraud prevention activities.
Card Not Present (CNP) fraud continues to be a thorn in the side to issuers and merchants alike. In fact, the rollout of EMV in the U.S. market is expected to have a tremendous impact on CNP fraud, with losses expected to be $4 billion in 2016. Innovations like a risk-based approach, application of business rules and now issuer-specific analytics all help to strengthen the 3D Secure ecosystem and drive down CNP fraud.
Want to learn more about 3D Secure and CNP fraud prevention? Read the Aite whitepaper 3D Secure: The Force for CNP Fraud Prevention Awakens