SA merchants should adopt EMV 3D Secure protocol
The new 3D Secure protocol
EMV 3-D Secure
is mandatory for European merchants selling to EU citizens, but the path to adoption in SA has not been a seamless affair, according to
EMV 3-D Secure is a messaging protocol that enables consumers to authenticate themselves with their card issuer when making card-not-present e-commerce purchases. The original release by the credit card networks took place in 1999 and was referred to as 3-D Secure 1.
“Merchants have been resistant to adopting EMV 3-D Secure (sometimes referred to as 3-D Secure 2) due to the friction that the first version of the protocol added to their e-commerce experience," explains Konrad Karczmarczyk, business development manager at Entersekt. "While the first version was rolled out with the best of intentions, outdated authentication mechanisms and prompts led to user frustration and high cart abandonment rates as well as false declines,”
“As e-commerce booms in SA, it has become more important than ever to depend on improved security – but in a way that doesn’t diminish the user experience.”
A collaborative effort between merchants, banks and card networks is required if the greater e-commerce landscape is to benefit from faster approval rates, low-risk trading environments, and a better user experience offered by the new EMV 3-D Secure protocol, the says.
Reducing false declines
He explains that with the new EMV 3-D Secure version, the card issuing bank completes the consumer verification steps in a matter of seconds and informs the merchant whether the payment can be authorised or not.
This exchange of data between merchants using EMV 3-D Secure and a card issuing bank to authenticate a cardholder, together with Strong Customer Authentication, is designed to significantly reduce the risk of fraud and improve check-out experiences.
It’s in everyone’s interest to share the data and reap the rewards.Konrad Karczmarczyk, Entersekt.
Moreover, the amount of data for merchants to send to issuers has increased from the 15 fields supported by the first version of 3-D Secure (which made it difficult to get a clear picture of the user) to over 150 data fields in new EMV 3-D Secure.
It is designed to improve the consumer experience by enabling intelligent risk-based authentication and reducing the number of false declines, because the more information that is shared, the more accurate the transactional risk assessment is.
However, some merchants have been reluctant to share so much of their customer data which they see as an asset and are questioning why the banks need it.
Karczmarczyk says it is critical to understand that the sharing of information and data by the merchant serves to drive down false declines, and with the banks better able to control the user experience, they now have more tools to reduce cart abandonment.
“By sharing more data you will ensure faster processing and more accurate assessments and thereby enable a better customer experience and an increase in sales. It’s in everyone’s interest to share the data and reap the rewards,” he explains.
Path to adoption in SA
While EMV 3-D Secure is now mandatory for European merchants selling to EU citizens, the path to adoption in SA has not been a wholly seamless affair.
“There seems to be a fair amount of leniency in terms of deadlines from card networks on the deployment of the EMV 3-D Secure protocol. September 2020 was the scheduled date for SA implementation, but this has been pushed out to the latter part of 2021, which may see card networks enforce penalties for not implementing the protocol beyond the new deadline,” he warns.
Perhaps one of the biggest benefits to merchants adopting the new 3-D Secure protocol, and a reason for its swift adoption, is that the fraud liability would shift from the merchant to the issuing bank. While it would mean that the merchant would have to provide the bank with the required amount of data in order to qualify for the benefit, this liability shift alone would make it worth their while, he ends.