Unfortunately, payment fraud is not uncommon. That's why the Financial Conduct Authority (FCA) has taken matters into its own hands to ensure the safety of online consumers while reducing the liability of businesses when an authorized transaction is processed.
Due to ongoing security concerns, the Payment Services Directive (PSD) and the Strong Customer Authentication (SCA) system were introduced, making 3D payments more secure. These regulatory measures will affect all businesses operating online.
A lot of jargon and acronyms are used to describe regulatory actions in the payments industry, and these acronyms can be quite opaque. That's why we've created a short glossary to help make sense of them and clarify their meaning.
- PSD2: This is the Payment Services Directive. It is legislation that requires payment service providers (PSPs) to strengthen their security by improving customer authentication. This is a security requirement that protects consumers and reduces the risk of fraud.
- 2FA: This is two-factor authentication. It is a process whereby a person making an online payment must provide two authentication factors to prove their identity. For example, you may be redirected to your online banking application to provide a PIN to verify your identity.
- 3DS: This is the abbreviation for 3D Secure. 3D Secure is an online payment service available for Visa and MasterCard. This measure was implemented in 2001 to prevent fraud. It has become an essential security factor when making online payments. 3D Secure requires the buyer to verify their identity by entering a password or a one-time authentication code sent to their cell phone.
- SCA: This is strong customer authentication. This is the PSD2 requirement that we mentioned earlier. It obliges businesses to ask for two different authentication factors to prove a consumer's identity (2FA). This affects both online and offline services and protects consumers from fraud. It will become a legal requirement for all online transactions by March 2022.
What is strong authentication?
Strong customer authentication not only enhances the security of the consumer, but also that of your business. It adds an extra layer of protection, increases consumer confidence, reduces chargebacks, and allows for better risk management of online payments.
Why do my payments fail?
In accordance with the regulations that will be fully effective in March 2022, card providers such as MasterCard, American Express and Visa have begun implementing strong customer authentication. As a result, online transactions are being checked more frequently for 3DS compliance.
This requirement can mean that your payments fail because your customers are not using 3DS cards to make a payment. If your customer does not follow the identification process correctly (e.g., a text message from their bank to verify their identity), the payment will fail. Unfortunately, you have no control over this situation, which depends on the card provider and the consumer.
Why do some payments get through?
You may notice that some transactions pass and others do not. This is because all transactions must now pass the 3DS test, even if the consumer does not have a 3DS card. This means that if such a consumer has to provide two-factor authentication, the payment will fail. As with contactless payments, transactions are randomly selected to complete the 3DS process. Alternatively, a consumer may have a 3DS card but not know how to complete the authentication process, resulting in a failed payment. If the customer uses a 3DS card but the payment still fails, it could be due to several reasons:
- The one-time PIN code sent by the bank was entered incorrectly.
- The customer did not receive a PIN code or authorization message from their bank to approve the transaction, or they entered an old/expired PIN code.
- The PIN code or authorization message sent by the bank was not entered or approved within the required time frame.
In a nutshell
The 3DS code complies with PSD2, the legislation on online transactions. This legislation aims to protect consumers and businesses from fraud. Thus, 3DS is a two-factor authentication process that your customer must undergo to validate their transaction.
While this process is designed to protect your customers, not all of them have 3DS-protected credit cards. This means that some will not be able to validate their transaction. Others simply do not know how to validate their transaction with the 3DS. This is why you can see many failed transactions. Moreover, this process is not applied systematically and transactions are selected randomly.
Swikly is of course up to date on PSD2 and systematically asks for a 3DS code when securing a deposit. This way, you are protected against fraud and stolen cards. This is also the reason why some security deposits can fail.
Soon, PSD2 will come into full effect and card providers will have to be up to date to handle the 3DS process. Thus, you should see a decrease in failed transactions.