Important: Merchants are required to upgrade from 3DS 1.0.2 to EMV 3DS by October.
September 21, 2022
As of October 15th, 2022, 3DS 1.0.2 will be sunsetted, so it is important for all merchants who use 3DS to move on to EMV 3DS before that happens.
This change is great for merchants as EMV 3DS is aimed at today’s mobile world, and it promises to enhance your customer’s shopping journey. EMV 3DS provides your issuer more than 130 data elements to help authenticate the cardholder’s identity; this will help reduce fraud and false declines, help increase good transactions, and of course, it will result in better customer service.
Upgrading is beneficial to your business. Here are some key elements that will make your merchant journey smoother once you switch:
EMV 3DS uses stronger authentication methods, supports both browser and mobile, there’s 10x more data exchange between merchant and issuer, and it allows merchants to have input in the decisioning. Below is a full comparison, courtesy of Cardinal.
EMV 3DS will permit you to input more data, such as what kind of transaction it is, the kind of authentication method used, billing and shipping match, and the ability to make exceptions. That means there is better decisioning that will lead to decreased fraud and false declines.
Infographics courtesy of Cardinal
Once again, if you haven’t made the transition, it is important that you upgrade right now to receive the full benefits. Please keep in mind that once October 15th rolls around, all the merchants who haven’t upgraded to EMV 3DS will receive an error message when a transaction is sent to the directory server.
Visa: Minimum data requirements for merchants.
Here is an overview of the data merchants are expected to provide in EMV 3DS.
Merchants are required to invoke the 3DS method URL every time its available for an issuer, this provides the issuer with more data to make better decisions.
It is required that merchants invoke this 3DS method URL as early in the process as possible.
Merchants should provide as much information as possible, including required, optional and conditional in order to give issuers as much information as possible to analyze the risk of the transaction.
It’s important for the information sent into authorization is accurate and consistent with the data sent into authentication.
There are two types of data: systemic data and manually entered data. Systemic data is automatically captured by the system and manually entered data is captured through the fields that are completed by the customer.
The data that contains the most errors is usually the manually entered data due to human error. That’s why it is recommended that the merchant provides drop-down menus and card-on-file capabilities to reduce the number of instances the customer could input inaccurate information.
There’s 4 common mistakes that issuers find from merchants:
Billing/shipping data inconsistencies, raw data that needs to be formatted, such as addresses, data inconsistency, as well as derived value inconsistency such as device location vs relative shipping or billing address, as well as checking if IP address, phone number, etc do not have any fraudulent transactions associated.
The graphic below shows some effective data field recommendations, courtesy of Visa.
Merchants should avoid filling in blank fields with generic data. It is better to submit blank fields rather than populate it with inaccurate information, as this affects the issuer’s risk model, rule set and final decision.
EMV 3Ds is a great solution for today’s mobile world, but it is the merchant’s duty to make the upgrade, and ensure they provide the accurate data required by issuers. More information means more accuracy in detecting fraud and false declines, which will greatly benefit businesses moving forward.