Snippet: While we have established that 3-D Secure has proven beneficial to the industry by reducing fraud, lowering issuers’ operational costs and increasing card usage and retention, adoption of the standard is still being met with resistance from skeptics within the industry.

While we have established that 3-D Secure has proven beneficial to the industry by reducing fraud, lowering issuers’ operational costs and increasing card usage and retention, adoption of the standard is still being met with resistance from skeptics within the industry. Many wonder why this is the case, so let’s examine why many are still hesitant to fully adopt 3-D Secure and what the industry can do to solve these issues.  

The main problem is the cumbersome user experience of almost all 3-D Secure implementations, which frustrates consumers and raises merchants’ concerns that shoppers will abandon transactions. Typically, online shoppers are required to enter a password and, since this password is rarely used, it is often forgotten, which results in incomplete or abandoned transactions. While one-time passwords (OTPs) help solve this problem, they are also a hassle and prone to user error.

Systems relying on OTPs or mTAN (mobile transaction authentication numbers) also involve mobile operators, which comes with additional costs and security concerns. The main problem, however, is that all passwords, whether OTPs or users’ own, are vulnerable to phishing attacks when entered into the browser.

So, what can be done to remedy this situation and unlock 3-D Secure’s potential?

Implementing a security platform that provides an intuitive way for cardholders to authorize card-not-present transactions using their mobile devices will help alleviate industry concerns with traditional OTPs. This process can be made as simple for the consumer as a one-touch Accept/Reject choice, which will reduce customer confusion and increase sales for the merchant, while eliminating fraud at the issuer. 

But how does it work?

When a cardholder places an order, the merchant initiates a request for customer confirmation. The request is routed via the 3-D Secure infrastructure to the issuing bank’s access control server. The bank then sends a confirmation message with the transaction details directly to the customer’s mobile phone through a secure, out-of-band communication channel. 

To confirm the transaction, the cardholder simply selects Accept or Reject – there is no need to enter a password online, eliminating the possibility of phishing attacks. The response is then digitally signed and sent back securely to the issuer before being relayed to the merchant using the 3-D Secure infrastructure.

Entersekt’s card-not-present authentication solution, which functions in exactly this way, has been accredited by Visa, Mastercard and American Express. The solution works on iOS, Android, BlackBerry and Windows Phone, as well as feature phones capable of running Java applications. To ensure the identity of all parties involved, Entersekt provides an X.509 certificate that uniquely identifies the device, enabling mutual authentication between the device and institution, and encrypts all communications end-to-end.

Enabling secure, real-time confirmation of transaction details on the customer’s mobile phone simplifies the user experience and reduces customer abandonment of transactions, eliminates mobile operator involvement, as well as text messaging costs associated with OTP-based solutions, and reduces repudiation, all while offering a secure two-factor authentication that remains compliant with standards set by the payments networks.


Being one of the first to have our solution accredited by all the major payment networks, Entersekt has a deep understanding of the 3-D Secure protocol and its evolution. The migration from 3-D Secure 1 to EMV 3-D Secure will be a complex one, but one that can be managed with the right partner. If you have any questions about EMV 3-D Secure or our unified solution to manage the transition, you can download our solution sheet or get in touch with us to request more information, arrange a demo, or contact our sales team.

 

Subscribe to our blog.


3-D Secure

Mark van Dalsen

MARKETING COMMUNICATIONS MANAGER

Mark has been marketing fintech since the last century and remains smitten with the business and the art of building brands.

Entersekt Logo

Entersekt is an innovator of customer-centric fintech solutions. Financial services providers and other enterprises rely on our patented mobile identity system to provide both security and the best in convenient new digital experiences to their customers, irrespective of the service channel. With us, they can concentrate on their innovation roadmap, while delivering intuitive, low-friction digital experiences to their customers.