The EMV® 3-D Secure (3DS) protocol is de rigueur for preventing card-not-present (CNP) fraud in the EU and elsewhere. But with CNP fraud expected to top $15.3 billion this year, penetration in North America is set to explode.
So how can card issuers, banks, and merchants leverage 3DS to deliver a friction-free shopping experience without sacrificing security?
Consider where we are today. After topping $4.2 trillion this past year, post-pandemic ecommerce continues to gain momentum. Even as they return to real-world stores heading into the holiday shopping season, consumers continue to make their purchases through the web, mobile apps, text messaging, and popular payment options like Buy-Online-Pickup-in-Store (BOPIS). Nearly all of these involve a card-not-present transaction.
According to new research from Outseer and Aite-Novarica Group, total digital channel commerce will top $5.9 trillion by 2023. But while digital-channel sales have hit the stratosphere, so has CNP fraud, which is on track to exceed $17.2 billion during the same period.
With loss from this crime devouring more than 3%-5% of revenues and growing, organizations are forced to ask themselves tough questions. Do we throttle up security and risk losing revenues to false-positives and watch customers defect to competitors? Or do we prioritize customer experience (CX) and watch fraudsters make off with our profits?
But it doesn’t have to be this way. In regions around the world, the 3-D Secure protocol from EMVCo has emerged as the gold standard in stemming the rising tide of CNP fraud while actually streamlining the cardholder experience. Now, all signs point to a dramatic rise in adoption in North America—or else.
3-D Secure: Kicking Fraud (and Friction) to the Curb
At Outseer, we continue to observe rapid growth in 3DS deployment across all geographies. During the first half of 2021, the most significant increases have been seen in the UK, where 3DS transaction volumes grew to include nearly half (46%) of all CNP transactions—up from just 7% in Q3 2020. Australia and New Zealand (ANZ) have experienced similar trends.
Propelled by rising fraud rates and government or payment network mandates for multifactor authentication (MFA) in these regions, 3DS is seen as an essential deterrent to CNP fraud. The strong customer authentication (SCA) mandates in the European Union’s Second Payment Services Directive (PSD2) are also driving increased adoption.
It’s easy to see why. Solutions leveraging the 3DS standard analyze hundreds of risk indicators to silently authenticate customers before a transaction even happens. In the largest global study of its kind, the Aite-Novarica Group research found that these solutions prevent more than 85% of all fraud loss while reserving step-up challenges for a very small percentage of high-risk transactions.
By itself, this should inspire accelerated 3DS adoption throughout North America. But it also presents a threat. When countries across the globe first upgraded to EMV for card-present transactions, for instance, fraud attacks migrated to those where EMV chip cards had not yet been widely deployed. The same pattern is expected to play out with 3DS. For the US and Canada, it already is.
The Great American 3DS Boom Ahead
According to the FTC, reports of credit card fraud jumped 104% in the US last year, after growing just 27% over the preceding two years combined. CNP fraud represents the vast majority of those cases—along with a 60% rise in new credit card account fraud. And it’s getting worse. We estimate US CNP fraud loss will total $7.9 billion by the end of 2021—nearly half the $15.3 billion in total CNP loss expected worldwide this year.
To be clear, 3DS adoption in the Americas has been growing at a rapid clip, just not as fast as in the EU. During the second quarter of 2021, a full 37% of all CNP transactions in the Americas were protected by 3DS, up from just 10% in Q3 2020. Yet while admirable, it’s still 10% lower than the UK and EU. And that makes US-based CNP transactions and account openings more tempting prey for fraudsters out to weaponize an endless amount of stolen identity and credit card information. Especially if the gap widens further.
But there are also a number of other reasons 3DS is about to catch fire in the US and Canada.
- Merchants and issuers doing business in the EU’s $300 billion e-commerce market are exempt from PSD2’s SCA requirements for now—but that could change on a dime
- Regulatory fervor is spreading fast: Mexico, Australia and others have also started to adopt SCA regimes
- Even if federal regulators are slow to take action, it’s just a matter of time until California or other states enact such standards, too (spoiler alert: Don’t be surprised if Kansas beats the Golden State to the punch after seeing identity fraud-related complaints spike 1,801% since 2019)
Stopping Fraud, Not Transactions
Needless to say, 3DS adoption is also just smart business. According to Visa Research, up to 72% of online shoppers have abandoned a shopping card over security concerns. But 3-D Secure has been shown to reduce checkout times by 85% and cart abandonment by 70%. In addition to increased revenue, fewer false positives and less intervention make for better transaction experiences—and happier, more loyal customers.
Best of all, North American issuers, merchants and others can leverage fully-hosted solutions that prevent up to 95% of fraudulent CNP transactions with only 5% requiring challenges. All without the need for additional IT staffing or overhead. Given the risks and rewards, 3-D Secure deployment should be job #1 starting now.
To learn more global adoption trends for EMV 3-D Secure and its benefits, download a complimentary copy of the report: “Maximizing the Potential of CNP” from Outseer and Aite-Novarica Group, here.