New data shows a fifth of payments going to 3D Secure are lost. Will the new 2.0 technology improve acceptance?

Analysis of millions of global business transactions reveals 22% of payments are

lost when authenticated using 3D Secure. Improved user experience alone won’t cut it – online sellers and payment providers need to get smart about how to manage PSD2 requirements from September.

3D Secure (3DS) is an additional layer of security for online credit and debit card payments – the most well-known examples being Verified by Visa, Mastercard SecureCode and American Express SafeKey. At the final stage of checkout it asks the buyer for a password so the bank can authorise the payment.

For all its good intentions, 3DS is notorious for bad user experience and the clunky interface can even make customers feel less secure paying online. The frustration of an extra password carries dangerous risks of customer dropoff and lost revenue for online sellers.

Ravelin found that across millions of transactions between February and March:

3DS authentication took an average of 37 seconds

91% of payments cause friction taking over 5 seconds to authenticate

Acceptance rates of the top 20 global banks by volume range from 68-92%

3DS with improved user experience still lost 19% of payments

The new technology promises to be much better. 3DS 2 is launching on April 19th, ahead of the Second Payment Services Directive (PSD2) coming into force in September. PSD2 requires nearly all payments in Europe to have two-factor authentication and makes online payment providers legally responsible for keeping fraud rates low across all their online sellers. To manage fraud and maintain acceptance rates, qualifying payment providers can conduct real-time risk analysis on all payments.

This risk analysis will be crucial. 3DS 2 enables payment providers to send much more data to the customer’s bank, like device and order history. The bank can use this data to recognise the customer instead of asking for a password every time. This version will also give customers more flexible ways to authenticate, such as by thumbprint, app-based authentication or a one-time password.

However, 3DS 2 won’t be a silver bullet for online merchants and payment providers. Ravelin found that even forward-thinking banks who have already implemented one-time password and app-based verification still lost 19% of transactions through 3DS.

Ravelin Head of Product, Mark Barlow says “It’s clear that improved 3DS 2 user experience alone is not enough to maximise acceptance. The huge differences between banks highlights that merchants will need to get smart about how they manage low-risk exemptions to the [two-factor] Strong Customer Authentication requirements.”