By Ramki Gaddipati- CTO & Co-founder, Zeta
Amidst a global pandemic, digital payment has gained the maximum popularity for people across the world who prefer the safety and convenience of online shopping. Over the last few years with a number of merchants entering the industry, the surge in e-commerce industry has seen a steady upswing. Another segment that has gained popularity amongst the eCommerce is the varied payment options; debit cards, credit card, digital wallets like Paytm, Phonepe, UPI, Airtel Money etc are also in demand.
According to IBEF projections, by 2034 India is expected to become the second-largest e-commerce market in the world. The report also suggests that the Internet penetration rate in India will be over 60% by 2026, thus, giving a further boost to the e-commerce industry. While marketers are waking up to the opportunity of e-commerce, the segment still needs the attention of advanced and simplified payments backed by security and convenience.
The online payment ecosystem
As the digital payments’ transaction got popular, frauds across transaction also started taking over. In India, previously card transactions were more popular than digital wallets which is very risky as cards were only secured through a pin number. Merchants have tried to provide additional security measures for making simplified payment a priority for consumers.
The transaction drop-offs were of concern for merchants across, with almost 20% transactions drop-off on cards leading to only 80% Payment Success Rates are recorded. In 2009 the RBI mandated on 2 Factor Authentication (2FA), UPI implemented through a static PIN and cards implemented SMS OTP as the second factor. While the mandate certainly did its job in reducing the number of transaction fraud, its implementation is less than optimal. Nowadays, most online card payments in India are based on the 3DS 1.0 protocol, with every cardholder being authenticated through an SMS One-Time Passcode (OTP) sent to the customers’ registered mobile number.
Another major setback was, to bring to the fore the 3DS 1.0 was originally meant for desktop generation, and in India where 70% of the online transactions originate from a mobile device, this protocol did not seem to work much and impact on the Payment Success Rates (PSR).
Few reasons stating the lower PSR on cards are:
● The delay or non-delivery of the SMS OTP, which is the most used authentication method.
● The multiple hops from issuer to payment network to the merchant system took a lot of time and resulted in failed transactions.
● OTP pages are not always optimised for the mobile viewer. The result of zooming in and out of the page also impacted the payment.
● System scalability is also a concern with 3DS 1.0 Especially during major sale day across eCommerce biggies had a huge impact where the issuer system would constantly go down.
Efficient and secure authentication process – 3DS 2.0
Visa and MasterCard together have released a far more robust, secure and mobile friendly specification called as EMV 3DS 2.0, it is next in line towards a secure payment which is the answer for all the major setbacks faced by consumers. 3DS 2.0 is mobile friendly optimization which moved towards a “risk-based authentication” enabling faster and secure transaction. The next gen service provider is responsible for the risk-based authentication solution which includes behavioural checks like (Does the cardholder typically make this type of transaction?), Device checks(Is this the usual device a cardholder uses?) and merchant checks(Is the merchant trust-worthy?). Based on these evaluations, it is the dispensing bank’s decision to challenge the transaction or not, which means ‘an absolutely reliable authentication procedure, faster checkouts and frictionless payment experience.’ The entire process of ‘Risk-based authentication’ works in the consumer’s favour with high and improved transaction speed, enhanced user experience and confined fraud level.
Unlike static authentication process where each transaction requires cardholder verification, risk-based authentication challenges only the riskiest transactions. What 3DS 2.0 does in a different way is that instead of relying on 5 to 7 data points (being collected in the 3DS 1.0 flow) issuers can collect over 70 variables; thus, allowing issuers to make better decisions. 3DS 2.0 is adopted in the international market such as; Australia, Singapore, Europe, UAE, with Visa and MasterCard coming out with rules around liability, usage and adoption. Also, the merchant data that can be collected with adoption of 3DS 2.0 is substantial, giving merchants the opportunity towards frictionless capabilities.
Benefits of using Risk-based authentication
Improved customer experience: As, this procedure is one of the self-learning risk engine it sometimes can start as challenging with a higher proportion of transaction. Gradually with time it can evolve as a type where only the risky transactions will be challenged.
Improved transaction speed: Customers will enjoy the reduction in traction time from 40 second to 10 second.
More Ecommerce revenue growth with seamless transaction: As the failed transaction rates will be reduced, it will result in consumer to opt towards more digital payment across ecommerce sites.
Cost effective: The cost to process a transaction will also reduce as no OTP process is involved in this method.
Confined fraud levels: While the failed transaction will reduce, the fraudulent activities will decrease as well.
In conclusion, 3DS 2.0 is adapting to the times by offering a seamless e-commerce payment experience to consumers — whether they are transacting via desktop, mobiles, or laptops.