back to insights


March 2, 2021

Enhancing 3D Secure with Risk Based Authentication

To further increase the security of 3D Secure payments, Risk Based Authentication (RBA) comes in play. Consider the following: a fraudster with your credit card information wants to process a payment, but the system recognizes that something is odd; and the transaction is automatically terminated or additional authentication is required. How so? Let's explore RBA and find out which benefits it brings.

What is Risk Based Authentication (RBA)?

Risk Based Authentication is a dynamic, parameter-driven system that determines the risk level of an individual transaction and appoints an appropriate customer authentication method accordingly. By applying such an approach, RBA helps prevent various types of attacks present during the processing of online payments.

To score a transaction, data about typical user behavior is necessary. RBA collects and analyzes parameters such as:

  • Device: checks if the customer is using a known device to process a payment
  • Location: checks the user's geolocation/time zone
  • Network: checks if the IP address is familiar
  • Transaction amount: checks for deviations in regards to transaction amount history
  • Number of transactions: checks for deviations in regards to the number of transactions history
  • Delivery address: checks if the delivery address is familiar based on previous transactions

Depending on those parameters, a transaction is either low, medium, or high risk.

Risk based authentication 3d secure by TriDES2

In case of a low-risk transaction, the customer is able to process a payment without applying further authentication.

risk based authentication low risk 3dsecure by TriDES2

For a medium risk transaction (e.g., unknown device), the customer provides additional information in order to process a payment.

risk based authentication medium risk 3d secure by asseco

When talking about a high-risk transaction (e.g., unusually high transaction amount, unfamiliar location), the user is automatically denied access and cannot process the payment.

risk based authentication high risk 3d secure by asseco

Benefits of implementing RBA

Risk Based Authentication does not only help prevent unauthorized processing of transactions. It significantly impacts customer experience by eliminating user friction; i.e., RBA promotes a smooth user experience for legitimate customers while making things difficult for fraudsters.

The end goal regarding the user experience is to determine the level of risk for each individual transaction. The result is avoiding unnecessary authentication steps for low-risk transactions. By doing so, user friction is removed from the equation, making the processing of a transaction both secure and enjoyable for the customer.

With better customer experience comes customer loyalty. Studies have shown that banks that approached digital transformation by implementing RBA enabled quality engagement with their customers making them less likely to switch.

RBA is responsible for cutting fraud-related losses. By implementing Risk-Based Authentication, banks are able to detect and prevent fraudulent activities, resulting in a decrease of chargeback costs. 

RBA as a setting stone for SCA exemptions

Strong Customer Authentication required by the PSD2 directive implies verification by selecting two out of three authentication elements: something you know (e.g., PIN, password), something you own (e.g., smartphone, HW token), and something you are (e.g., fingerprint, face recognition).

Thanks to RBA, not all 3D Secure payments demand SCA. SCA exemptions are based on Risk-Based Analysis, enabling less friction without compromising on security. In other words, RBA allows the customer to avoid an authentication step while keeping the transaction secure.

SCA exempted scenarios relying on RBA are the following:

Low-value payment – Transactions below 30 euros are a low value and do not require an additional authentication step. However, if a customer initiates more than five such transactions; or the cumulative value of the transaction exceeds 100 euros, SCA will be applied.

Merchant whitelist / Trusted beneficiary - A cardholder can flag individual online merchants as ''trusted'' with their issuing bank in order to avoid SCA during the checkout process.

Transaction Risk Analysis exemption – The most sophisticated exemption involving several different factors that need to be taken into account; e.g., overall fraud rate for that particular type of transaction.

Secure Corporate Payment exemption – A transaction initiated by a legal person rather than a customer that does not require an additional authentication step.

For more information, contact our team at [email protected] to get a free, zero-obligation consultation or try our DEMO to see 3D Secure in action.


download datasheet
Request Trial

Interested in TriDES2?

Subscribe to our newsletter
© Asseco South Eastern Europe 2021. All rights reserved
clouddownload linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram