Recently, members of the Cardinal team sat down for a webinar with Paladin Consulting Group to discuss the intersection of data and authentication and how these two things can help merchants fight fraud in the digital commerce world.
In today’s digital world, consumers are buying more products and services online than ever before, making it increasingly important for merchants to verify the identity of their consumers in card-not-present transactions. But since fraudsters and cybercriminals are always adapting and evolving, it’s vital for merchants to utilize an up-to-date fraud mitigation strategy. Now that everyone in the ecosystem has access to enhanced data, merchants and issuers can use that data in the authentication process, to ensure that all their consumers are trusted, legitimate consumers.
Additionally, in October 2016, EMVCo, the organization that now controls the 3-D Secure (3DS) 2.0 protocols, released the initial specifications. Since they’re built for the future, these new protocols are going to facilitate and encourage enhanced data-sharing between all parties involved in the transaction for authentication across all devices.
With 3DS 2.0, merchants and issuers will also begin to utilize new, dynamic authentication methods. By moving away from existing authentication methods like static passwords and knowledge-based questions, they will be able to expedite the online checkout process for their consumers while increasing the integrity of the transaction. This is undoubtedly a big development in this new data-sharing world, but it’s not the only thing that will make everything easier for merchants, issuers and consumers.
In “Data & Authentication in the Digital Commerce World,” a webinar with The Paladin Group, Maggie Bodak, Senior Product Manager at Cardinal, and Ian Poole, Director of Technical Product Management at Cardinal, discussed some of the recent changes in the industry, notably the role of data and its ability to optimize authentication solutions. After their presentation, both speakers answered some questions from listeners about this new landscape, how it’s changing and how to effectively prepare for these changes.
Q: Will there be any monitoring around issuer performance for 2.0?
A: Yes. Mastercard has already announced their Identity Check program, which has measurable performance indicators around certain criteria, particularly around challenges and the authentication experience. Other networks have indicated that similar program updates are coming, and that they will likely be announced soon. Essentially, we expect to see over 95 percent of transactions authenticated in a frictionless manner, while the challenge rate should be less than 5 percent. Remember, with 2.0, a challenge is not a bad thing because of the rich data. The issuer will have good reason to suspect a transaction is high risk. 2.0 will really change the way the industry looks at challenges.
Q: How does removing static PIN/passwords improve the customer experience?
A: If a challenge is necessary, the entire experience for the cardholder will be streamlined with either a one-time password or with biometrics. In the past, 3DS wasn’t as widely adopted; therefore, the cardholder would forget their PIN or password, causing abandonment issues when they did encounter 3DS. Now, even though adoption has increased significantly in the US, there will be even fewer challenges because of better risk-decisioning and data-sharing with the issuer. But since static passwords will be disallowed, the user won’t have to remember a password. It will be more user-friendly with the use of one-time passwords.
Q: How much work do merchants need to do on their websites or shopping carts to incorporate the ability to collect more data?
A: It really depends on your current integration, or lack thereof. The good news is that any merchant that integrates with Cardinal now will be 2.0 enabled.
Q: What data elements are necessary with respect to 3DS 2.0, relative to 1.0?
A: Some of the most common data elements with 3DS 1.0 are amount, card number expiry date, merchant name and expiration date; however, some of our merchants pass a lot more information because we have a rules engine on top of the protocols. If you’ve been taking advantage of that and passing that information in, you might not have to change anything. From a 2.0 perspective, we’re looking at more data, including billing information, email, phone number, shipping information, if it’s available, and device-specific information. If the transaction originates from a desktop browser, we’ll be looking at IP address, screen resolution, user agent and other data points. If it’s a mobile application using our SDK, there are some specific data elements for iOS and Android. Those operating systems have permissions and, if we’re allowed, we will collect data, including IP addresses and some of the specific operating systems and versions that we can pick off the device. Those are the biggest differences between 1.0 and 2.0 and, on top of that, there are a lot more fields that a merchant can proactively send on their own, which means there’s additional information you can pass based on different circumstances.
Q: Which card brands does this new 2.0 logic apply to?
A: First, the card brands that are associated with EMVCo, which are all the major ones – Visa, Mastercard, American Express, Discover, JCB and China UnionPay. These card brands are all a part of EMVCo and it’s up to them to implement solutions. In the U.S., the four major ones – Visa, Mastercard, Amex, Discover – will support it. Then, depending on the region, there could be some regional card networks that could be a part of it, but at the very least, all the major card networks out there will support it or have their own solution.
Today, consumers expect their digital transactions to be quick, safe, secure and friction free, which can make life difficult for merchants. Luckily, with Cardinal Consumer Authentication (CCA), our rules-based authentication solution, merchants can seamlessly authenticate consumers, keep fraudsters at bay and provide their consumers the best possible experience. Speak to a fraud specialist today (877-352-8444), or request your own personal demonstration of how Cardinal Consumer Authentication can help your webstore.