The frictionless authentication process flow allows a transaction to occur seamlessly, without requiring the user to face an additional authentication challenge. In an effort to protect merchants from fraudulent chargebacks, the 3-D Secure (or 3DS) protocol was first developed for Visa, Inc. back in 1999. Its main goal is to provide an additional layer of security for online debit and credit card transactions by verifying the identity of the cardholder at the point of payment via the issuing bank.
The protocol enables the transmission of various data points to be shared between the card issuer, the merchant, and the consumer to authenticate the user and ensure the transaction is being initiated by the rightful account owner.
Version 2 of the 3-D Secure protocol was released in 2016, with the goal of reducing the intrusiveness of the protocol and introducing the frictionless authentication process flow. The update also focuses on remaining in compliance with the newly imposed EU authentication regulations. It also takes aim at improving some shortfalls of the original version of the protocol, in addition to adding the authentication of non-payments, such as when a user enters their card information to a mobile wallet.
The upgraded 3DS2 offers a variety of enhancements over 3DS1, including:
- Transactions supported across a wide variety of devices to improve the overall customer experience.
- 10X more information to help improve risk-based decision-production for card issuers.
- Reduced friction for consumers, leading to lower rates of cart abandonment.
- The typical time to verify a transaction drops from 42 seconds to 37 seconds.
What is Frictionless Authentication Process Flow?
The frictionless authentication occurs when the 3DS protocol determines that a transaction poses a low enough risk of being fraudulent. It allows the transaction to occur seamlessly, without requiring the user to face an additional challenge for transaction authentication.
A standard 3-D Secure authentication transaction works like this:
- The merchant sends an authentication request with transaction and device data.
- The 3-D Secure protocol determines whether a challenge is required based upon the issuer’s risk review of the transaction.
- In the event the transaction is deemed to be high-risk, the issuer can request additional authentication steps.
- If, on the other hand, the transaction is deemed to be low-risk, the frictionless confirmation process takes place. Once the transaction is authenticated, an approval is sent to the merchant and the transaction can be processed as normal.
Difficulties with the Previous Version of the Protocol
After some analysis by academia, the original version of the 3DS protocol had been identified to have security issues that affect the consumer. These security issues included a larger surface area for phishing attacks, as well as a shift of liability in the event of fraudulent transactions.
How does Frictionless Authentication Process Flow Work?
As mentioned before, whether a transaction is approved for the frictionless flow or not is based upon the 3D Secure protocol’s determination of the transaction’s risk factor.
The 3D Secure protocol uses a variety of risk-based assessments to scrutinize each transaction and determine if it should face an additional challenge.
Some of these risk-based assessments include:
- Whether the customer is new or existing
- The total value of the transaction
- Device information
- Transaction history
- Behavior history
These data elements can be used by both the merchant and the issuer to determine whether the transaction should be further authenticated by the 3D Secure protocol.
How 3D Secure Authentication is Secured
In the event the customer is required to pass an additional challenge, the customer will be prompted to authenticate the transaction using biometric and / or two-factor authentication.
This helps ensure that the person initiating the transaction is the legitimate cardholder, as it is less likely that a fraudster would have access to the cardholder’s one-time password or biometric data.
Benefits of Frictionless Transactions
Frictionless transactions benefit both the merchant and the consumer in a variety of ways.
For the consumer, they will enjoy a higher level of security across the majority of platforms, as well as an improved user experience with the use of the frictionless transaction confirmation.
On the merchant’s end, they are provided with a variety of benefits, including:
- Lowered risk of fraudulent transactions – Even in the event of a cardholder’s information being used fraudulently, the fraudster is unlikely to have access to the cardholder’s device or their one-time password, or OTP.
- Shifts liability in the event of a chargeback – One of the biggest benefits to merchants of 3D Secure is that it shifts the liability for fraudulent chargebacks from the merchant to the issuer of the card.
- Improved authorization rates – Visa and Mastercard have reported an up to 10% increase in authorization rates when using 3D Secure.
- Seamless compliance – Using 3D Secure is one of the simplest ways to comply with PSD2 and SCA (Strong Consumer Authentication) regulations.
Some industry analysts have also predicted that the 3DS frictionless process will greatly reduce cart abandonment rates, up to 66%.