What is 3DS (3D Secure) and how to use it

Unless you’re new to eCommerce, you’ll be aware of the business dangers of online fraud, and they aren’t going away anytime soon. LexisNexis’ 2021 study reported both the cost and volume of fraud are increasing significantly year-on-year, not the type of growth we want to see.

Security systems like 3DS are vital to combating fraud. This checkout process is a requirement for eCommerce stores selling in Europe (including the U.K.). Yet, the path to 3DS implementation hasn’t always been smooth-sailing.

Here, we take a look at the importance of 3DS and how merchants can use it. We will also be sharing actionable steps to reduce the risk of failed transactions or abandoned carts.

What is 3DS (3D Secure)?

3D Secure is an online fraud protection protocol. From your customer’s point of view, this means an extra step to verify their identity.

You’ve almost certainly experienced 3DS as a customer. Before completing your purchase, you have to enter another password, or agree to the transaction on a mobile app. This process helps prove it was you making this purchase, not a fraudster.

But what if you’re on the other end of the transaction? From a merchant’s point of view, the most important step is to enable 3DS. It’s mandatory for anyone selling into the European Economic Area (EEA), as well as other countries like India.

Putting legalities aside, setting up 3DS is a sensible step to take wherever you’re selling. As WorldPay clearly states, not enabling 3DS will result in declined transactions, losing you valuable business.

3DS stands for Three-Domain Secure. This refers to the data shared between the three domains involved at checkout: the customer’s bank sending money, the merchant’s bank receiving money, and the infrastructure in between (the internet, website, server, and so on).

You may see references online to ‘3DS2’. The ‘2’ merely signifies the newest version of 3DS. For example, as 3dsecure2.com explains, this newest version allows for ‘dynamic authentication methods’ like biometrics (such as FaceID on your iPhone), providing even tighter protection against fraud. Other advantages of 3DS2 include improved design and two different authentication flows.

How 3DS protects your eCommerce store and customers

How 3DS protects your eCommerce store and customers

There are a lot of ways that implementing 3DS can protect you, the eCommerce store owner, and your customers.

Protecting eCommerce stores and customers from fraudulent activity

Picture this: a fraudster enters the details of a stolen bank card at checkout. Instead of immediately being able to purchase the item, they’re challenged to prove their identity. They’re unable to provide the extra password or dynamic authentication so the purchase is declined.

In the above scenario, everyone benefits (except, of course, the fraudster). The eCommerce business doesn’t lose revenue to fraudulent activity. Consumers benefit because their bank details aren’t illegally used. Banking partners of all involved spend less time and resources investigating and compensating fraud.

Minimizing chargebacks for eCommerce stores

A further financial benefit to eCommerce stores is the avoidance of ‘chargebacks’. Chargebacks happen when a cardholder disputes an unrecognized payment on their bank statement. This ‘dispute’ costs banks non-refundable fees, which are passed on to the merchant. Plus, the merchant may also have to return any money taken in the transaction. 

3DS (specifically 3DS2) protects your eCommerce store against chargebacks.

As Judopay explains, 3DS2 reduces chargebacks by shifting liability. Instead of the merchant paying chargeback costs, liability is shifted to the customer’s bank because 3DS2 enabled them to check the customer’s identity. In other words, it’s not the merchant’s responsibility if a fraudulent transaction was checked by 3DS2.

Improving customer loyalty

Aside from the technicalities of declined authorizations and chargebacks, 3DS has huge potential benefits for customer loyalty. Shopping from a website that uses fraud prevention like 3DS is a sure sign that the store takes financial security seriously — a sure-fire way to increase potential customer trust.

Trust is a big game in eCommerce. The World Economic Forum points out that it’s often harder for suppliers to gain consumers’ trust online compared to offline. This challenge increases when a merchant is in a different country from the customer. 

In a survey by the Centre for International Governance Innovation (CIGI), 22% of consumers said they don’t shop online. Almost half of those non-online shoppers said it was because of a lack of trust. When asked what online behavior changes people were making, 12% responded ‘making fewer online transactions’, meaning lack of trust may also be preventing repeat customs as well as new business.

CIGI’s survey was run in early 2019 so we suspect the data would have changed since, especially given the consumer impacts of lockdowns. But it remains a fact that making your online store feel, and be, as safe as possible for all involved is a win-win situation.

How to use 3DS for your eCommerce store

You’re now clear on the benefits of 3DS. Whether it’s building customer trust or minimizing fraud, adding 3DS to your eCommerce store can offer great advantages.

So, how do you implement it?

Luckily, setting up 3DS is a relatively straightforward process.

The first step is to check whether your payment gateway supports 3DS. Chances are it will, especially if you’re using one of the main players. Worldpay, Braintree, N26, PayPal, and Stripe are all examples of some of the payment gateways offering 3DS.

If your payment gateway doesn’t support 3DS or makes it difficult to implement the latest standards, it’s time to consider moving. Use this blocker as a chance to review your wider approach. Start by taking a look at our blog How to optimize your checkout process.

So now you’ve got a 3DS payment gateway. What next? We’ll use Stripe as an example. 

Setting up 3DS with Stripe

Enable Stripe to automatically display 3DS in countries or areas with mandates or regulations such as Europe’s Strong Customer Authentication). While 3DS is optional in other countries, you can still use it as a way to reduce fraud. 

Stripe lets you manually set parameters in the API so customers are prompted to complete 3DS authentication. 

In fact, Stripe offers three default rules for dynamically requesting 3DS during the checkout process. These default rules make it easy to implement 3DS on your site.

When implementing 3DS, make sure the secure flow is displayed to customers throughout the transaction. If you are using Stripe, they will automatically do this. 

Stripe will also automatically redirect customers to their bank’s website to complete authentication. Once the authentication is complete, customers will be sent back to your site. You can choose where customers land when being redirected back to your site so be sure to set this as your order confirmation page.

While you can’t choose what 3DS looks like, you can decide how and where it will be shown on your site. Most merchants opt for a modal dialog above the payment page.

As with most payment gateways, Stripe uses 3DS2 as the highest standard in preventing fraud. However, if the customer’s bank can’t support that protocol, it will ‘fall back’ to the original 3DS with its more static, yet still protective, features.

Payment gateways are vying for business like the rest of us, so their websites and documentation are helpful. Check out the nitty-gritty details of Stripe’s 3DS process here

The impact of 3DS in Europe

As we’ve touched on above, 3DS is mandatory in Europe. This requirement of 3DS in Europe came into effect following the phased implementation of the revised Payment Services Directive (PSD2).

The European Commission proposed PSD2 back in July 2013. However, the final compliance deadline wasn’t until December 31 2020 for Europe. The U.K. had an extension until September 2021 due to Brexit.

All this means that 3DS is relatively new to Europe. With the newness of 3DS in Europe come many tales of teething issues. When 3DS first came into effect, we saw stories of merchants experiencing increased rejection rates after implementing 3DS.

The main reasons why 3DS transactions fail

The main reasons why 3DS transactions fail

To better understand the impact of 3DS and the issues merchants may face, we need to remember that there are three main reasons why 3DS transactions fail. These are:

  • Fraud – as discussed, the ‘payer’ is unable to verify their identity due to not being the legitimate card holder
  • Abandonment – customers find the 3DS process too taxing, and abandon checkout
  • Transaction failure – technical issues mean that checkout doesn’t complete

This third reason is especially frustrating for all involved, as no party (merchant, customer, or bank) gains anything from the situation. By constantly reviewing your site performance and keeping an eye open for potential issues, you can minimize the risk of 3DS payments failing due to transaction failure.

In addition, work on your cart abandonment rate to identify ways to speed up the checkout process and reduce abandonment rates. We will cover how to avoid this below.

The reasons behind technical issues are wide-ranging. The Mastercard Payment Gateway support site lists some of the potential issues that are within the merchant’s control – branding of iframes, month formatting, and descriptions, to name a few. As you can see, there are many things you can be doing to reduce 3DS technical issues.

With that said, transaction failures are sometimes caused by the customer’s bank which eCommerce stores have very little sway over. In these cases, you simply have to be patient and understanding. And hope that your customer will return once the issue has been resolved at the bank’s end.

As Vlad Macovei wrote on The PayPers in October 2020, “it is known that issuers are more ready in some countries than in others” and this readiness is evident in 3DS performance. Fraud prevention company Ravelin analyzed millions of payments and found a huge variation in how the top twenty global banks performed. According to Ravelin, acceptance rates ranged from 68-92% between the top 20 global banks. As Ravelin’s research was conducted in 2021, we would like to hope that many of these issues have been since been resolved as banks work on their 3DS compatibility.

Macovei’s warning was further proven when different countries experienced hugely different failure rates after implementing PSD2. According to dynamic payments company Forter, the U.K. (which was known to be more prepared) experienced a 9% failure rate. While 9% is still a significant chunk of potentially missed revenue, it pales in comparison to France’s 71%.

The good news is that, according to Forter, “over 80% of the transactions that fail are the result of abandonment and issuer bank failure. This means that many of these failures could have been prevented.”

How to mitigate the risks of 3DS

eCommerce sellers can’t do much about customers’ banks. As 3DS has now been mandatory since December 2020 in Europe, many banks have made vast improvements to their 3DS performance. We suspect that if Ravelin ran their study today, they would find much-improved acceptance rates.

Asides from technical issues on the bank’s side, there is plenty in your control regarding 3DS failure due to cart abandonment.

Educate customers

Firstly, educate your customers. Tell them about 3DS before they reach checkout. It’s not exactly the most riveting of information, so publish little signposts everywhere that people might notice: in product page footers, at the basket stage. You could even share more in-depth information about 3DS on your blog or social media pages so potential customers can read more if they wish. Educate them about the importance of fraud prevention, and they might just thank you for it.

Increasing education around 3DS and how it combats fraudulent activity could also work wonders for increasing your trust score. 

Prioritize the user journey

Secondly, ensure the user journey from browsing to payment completion is smooth regardless of the device used. Test your website flows and ensure your payment gateway provider is as well integrated as possible across different mobile and desktop devices.

Be sure to continually test performance too. If you’re seeing a high volume of cart abandonments, it just may be a sign that something is broken. So, routinely test the 3DS is performing as expected and fix any issues as soon as they arise.

Switching to 3DS2, rather than 3DS, can also improve the user journey. 3DS2 introduces Frictionless Flow which allows issuers (banks) to automatically approve transactions deemed to be low-risk. This automatic approval reduces the number of steps required to complete the payment.

Prepare to fail

Thirdly, prepare to fail. 

While telling you to get ready to fail isn’t the most inspiring advice we’ve shared,  it may be the most useful. 

What do you want your customer to do if their 3DS transaction fails? Contact you? Try again?

By preparing to fail, you’re putting assurances in place to help customers seamlessly move forward from a payment failure. You are providing solutions long before problems arise.

You could add a section to your payment FAQs about the next steps customers should take in the event of 3DS failure. The Trainline has a great example of this on their site from 2018 when 3DS failure was much more common.

Trust the process

Finally, take comfort in the fact that the latest version of 3DS was designed to be an improved protocol, even if it had a somewhat rocky start in some areas. All tools, services, and products experience problems in their early days. You, more than anyone else, can likely relate to the need to reiterate designs and improve product quality. It’s all about testing and improving.

As 3DS becomes more and more commonplace, we suspect that the 3DS implementation will become easier, connections with payment gateways will become more seamless, and technical issues will be minimized.

Removing common pain points such as static passwords can simplify the user experience too. As we know, simplifying the user experience can help improve cart abandonment rates. 

Your next steps for 3DS eCommerce

With all these variables and actions to take, we’d understand if 3DS was beginning to sound like a headache – but we encourage you to think of it as an opportunity to improve eCommerce security for your customers.

Implementing 3DS will make your presence safer, more welcoming, and, ultimately, more profitable. After all, if customers don’t believe your checkout process is secure they are more likely to drop off without completing their purchase.

Ultimately it is up to you as a merchant whether you decide to implement 3DS. But in a world where eCommerce is only getting more competitive, it makes sense to grasp the advantages — especially when they overlap with preventing fraud and improving consumer trust.