3DS Transaction Flow: A Modern Approach

Introduction

The landscape of online transactions is evolving rapidly, necessitating more secure and efficient authentication mechanisms. This white paper delves into the intricacies of 3-D Secure (3DS) transactions and their role in maximizing approval rates while minimizing fraud. This document outlines best practices for both merchants and issuers and innovations in the 3DS protocol.

The 3DS Transaction Flow

A 3DS transaction involves multiple stakeholders, including the cardholder, merchant, and issuer, with the goal of verifying the legitimacy of online transactions before authorization. This verification process is like a pinball machine, where the transaction bounces between various systems before completion. Unlike traditional

brick-and-mortar transactions, 3DS involves pre-authorization steps that enhance security and approval rates by exchanging metadata and intelligence.

The Role of Merchants

Traditionally, merchants implemented 3DS primarily for liability shift, particularly in high-risk merchant category codes (MCCs). They still use 3DS selectively, that is, only for higher-risk transactions or transactions requiring 3DS authentication for compliance, European revised Payment Services Directive (PSD2) or Financial Conduct Authority (FCAS) UK. In these scenarios, the majority of merchant transactions are sent straight to authorization and therefore bypass 3DS. This causes two issues:

1. With only a subset of transactions sent to 3DS, issuers are unable to accurately assess risk at the ACS—leading to higher declines and challenge rates.
2. Transactions are disproportionately declined in authorization—leading to overall false declines.

Maximize Approval Rates with 3DS

Today, sophisticated merchants, especially those with substantial revenues, use 3DS to maximize approval rates and enhance their fraud prevention strategies. By providing detailed transaction data to issuers, merchants can help reduce false declines, which benefit all parties involved. Issuers are enabled to identify and manage fraudulent transactions more effectively. More genuine merchant transactions are processed at the ACS and fewer genuine transactions are declined in authorization.

From a merchant perspective, the key objective is to ensure as many legitimate transactions as possible get approved. For issuers, balancing fraud prevention with approval rates is crucial. 3DS facilitates this by enabling the exchange of metadata and trust signals, allowing issuers to make more informed decisions.

Merchants can leverage 3DS to enhance approval rates by:

1. Using RCI Codes: The Request Challenge Indicator (RCI) codes help merchants communicate the transaction's risk profile to issuers, suggesting whether a transaction should be challenged based on its risk assessment.
2. Sharing Comprehensive Data: Providing extensive data fields during the transaction enables issuers to make informed decisions, increasing the likelihood of approval.

The Role of AI in 3DS

Arcot's advanced data science models play a significant role in assessing the risk of each transaction. These models are trained on billions of transactions to accurately identify potential fraud. AI-driven rule sets are increasingly replacing traditional, human-defined rules, optimizing the authentication process by dynamically adjusting to emerging fraud patterns.

Arcot's AI rule set optimizes the transaction flow by:

1. Risk Scoring: Utilizing historical transaction data to assign a fraud risk score.
2. Dynamic Rule Sets: Replacing static human-set rules with dynamic AI-driven decisions, reducing the need for manual intervention and improving fraud detection accuracy.

Best Practices for Challenge Screens

 To optimize the customer experience, it is essential to review and update cardholder authentication screens and flows regularly. Implementing trusted beneficiary options and ensuring clear, user-friendly interfaces can significantly enhance customer satisfaction and trust.

To minimize friction and optimize customer experience, consider the following:

1. Regular Audits: Conduct annual audits of challenge screens to ensure they are user-friendly and effective.
2. Biometric Authentication: Implement biometrics where possible, as it provides a seamless and secure authentication method.

Merchant FraudAlerts

Arcot's system provides real-time fraud alerts, identifying risky merchants quickly and effectively. These alerts help both issuers and merchants respond promptly to potential threats, thereby reducing fraud and improving the overall security of the payment ecosystem.

Sharing and Receiving Data

The 3DS protocol enables a two-way flow of data, benefiting both issuers and merchants utilizing the largest consortium of 3DS transaction data with over 150 trillion data points.

• Issuers: Receive detailed transaction data, allowing for better fraud detection and higher approval rates.
• Merchants: Get alerts on risky transactions and compromised devices, and the payment metadata that is returned to the merchants to feed internal risk models and enable proactive fraud prevention.

Conclusion

The evolving ecommerce landscape requires robust authentication mechanisms. 3DS, enhanced by AI and comprehensive data sharing, provides a framework for secure and efficient online transactions. By leveraging advanced data science, optimizing challenge flows, and fostering better communication between merchants and issuers, Arcot is leading the way in making ecommerce safer and more efficient. This white paper highlights the importance of adopting these best practices to achieve a seamless and secure payment experience.