To provide previously mentioned features, some actions need to be performed on the issuer domain, such as transaction risk analysis and risk scoring. These are the foundations of the so-called frictionless flow, which grants online payment security without disrupting the user experience. Furthermore, to make the risk assessment even more precise, KYC (Know Your Customer)checks on the merchant side can be also performed. To get valuable insight into how 3D Secure tackled this challenge, keep reading.
During the main task of authenticating the buyer, 3D Secure 2 does not only rely on direct Customer Authentication using solely something that the buyers own or have in their possession. A strong focus is put on banks knowing their customers, who are also the actual buyers, during the transaction processes. This analysis looks at the customer's purchase and payment behavior patterns and identifies deviations from this behavior pattern, which will result in additional authentication.
The so-called frictionless flow was introduced with 3D Secure 2, but the final results depend on the risk score and fraud analysis tools used in the transaction risk analysis and monitoring process. When the risk scoring system at the issuer side recognizes the buyers' behavior, such as the buyers using the same device they usually use, the same IoS version, using IP address lookups, and additionally transaction amount not exceeding the average spending amounts, the issuer does not need to ask the buyers for additional authentication. The risk scoring system conducted by the issuing bank should also consider merchant information within the transaction taking place. This includes the merchant's security background and historical fraud rate to make risk assessment more precise.
The User Experience (UX) with 3D Secure will look similar to transactions without 3D Secure for the buyers or payees. However, it will include a much higher security level, which prevents fraudsters from making transactions with the payee's lost or stolen credit cards. Banks still hesitate, about the benefits of frictionless transactions, as shown by Ravelin: only 10% or less of all transactions are frictionless. For comparison, with standard authentication, the average time to authenticate the buyer is about 37 seconds, while in frictionless flow it takes as much as 5 seconds, providing a smooth user experience and reducing shopping cart abandonment rate due to the simplified checkout process.