What Are Verified By Visa & 3D Secure?
If you’ve heard about Verified by Visa through the grapevine — or more than likely in your checkout process — and you’ve got some questions, you are in the right place. Come along as we take a look at the good, bad, and the ugly when it comes to the evolution of Verified by Visa and 3D Secure.
What is Verified by Visa? Simply put, it’s a program to help ensure that cards are used only by the owner of the Visa account, thereby making online purchases more secure.
The premise may be simple, but the details can be a little complex. Buckle up for a bit of a bumpy ride. In this post, we’ll look at where the industry used to be in terms of security protocols and talk about how far we have come thanks to solutions like Verified by Visa and its companion, 3D Secure.
3D Secure stands for 3-Domain Secure, which reflects the fact that the checkout process involves three separate domains to protect cardholders and merchants. 3D Secure encompasses both Visa and Mastercard’s security programs, as well as programs offered by JCB and American Express in select parts of the world. Merchants can add 3D Secure authentication on their site as an additional way to prevent card fraud.
As we dig in the post, we are also going to explore some sobering realities that every eCommerce business must face when it comes to fraud — and discuss how 3D Secure technologies can protect you as a merchant.
Table of Contents
What Is Verified By Visa?
As we mentioned above, Verified by Visa is a program designed to reduce fraud and make online purchases more secure, but that definition is fairly ambiguous. The truth is that Verified by Visa is always evolving to adapt to how it accomplishes the goal of security, and this program will likely continue to change to stay one step ahead of online fraud. A shopper’s experience with Verified by Visa will largely depend on who issued their card as well as the merchant’s online security protocols. For example, a shopper with one particular Verified by Visa card may be prompted to enter in a personal PIN every time they buy at their favorite eCommerce shop. Another shopper with a Verified by Visa card issued from a different bank may go through the checkout seamlessly and not be aware that there are layers of risk assessment happening with data in the background to ensure the order is legitimate.
This difference in shopping experiences is because there are two versions of Verified by Visa with varying levels of participation from issuing banks. This variance is in part due to the rollout of the new protocol 3D Secure 2.0. The update addressed some of the significant problems with the original 3D Secure, version 1.0. In the light of the risks presented by card-not-present transactions, most merchants (and shoppers!) would agree that adding layers of security is a good thing. But as I mentioned above, there were some big complaints with the original version of Verified by Visa when it rolled off the lot.
3D Secure 1.0
Before we dig in, let me first say that it is completely normal to experience a certain to amount of negativity bias when we experience something new. As humans, we tend to focus on the negative and often approach new situations with suspicion. That can be a good thing or bad thing, depending on the situation.
Unfortunately, some shoppers who were initially exposed to Verified by Visa and 3D Secure version 1.0 mistakenly thought the pop-up authentication screen prompting them to enter their secure personal PIN was a malicious attempt at gathering their credit card data, and they jumped ship. These customers abandoned their carts or were locked out, resulting in lost sales for merchants. The situation was not good for shoppers, and certainly not good for businesses.
Third-party pop-up screens demanding passwords or other sensitive information are a red flag, for obvious reasons. And as predicted by naysayers, several reported malware pop-ups spoofed the whole scheme. Verified by Visa and the banks soon worked out these kinds, fortunately. Now, the authentication step for Verified by Visa 1.0 (yes, that version still exists) happens in an in-line window. Pop-ups are a thing of the past.
But this improvement still doesn’t change the fact that many people don’t like having to remember yet another PIN number, code, or password for every purchase they make, big or small. There’s always a delicate balance between payment security and user experience in the world of payment security. Shoppers expect convenience and ease while also needing a high level of trust.
The newer 3D Secure technology utilized by Verified by Visa continues rolling out to eCommerce shops, and it does an exceptional job of addressing payment security and usability.
3D Secure 2.0
Just like 3D Secure 1.0, the newer 3D Secure 2.0 provides an additional layer of security for online transactions before final authorization. However, the updated version of Verified by Visa included in 3D Secure 2.0 uses a data stream to provide more robust risk assessments instead of relying on a PIN or passcode for authentication.
Verified by Visa and the original 3D Secure technology came on the market 15 years ago, but Version 2.0 is being managed and implemented by EMVCo, the same organization responsible for certifying hardware and software to accept chip card payments.
The important thing to note for any merchant considering Verified by Visa and 3D Secure is this: 3D Secure 2.0 represents the latest global standard in payment security.
The touted improvements are:
- Cross-Device Support: 3D Secure 2.0 brings better usability and support for transactions across several types of devices.
- Better Risk Analysis: Enhanced risk-based, decision-making for issuers utilizes 10X the data (e.g., time zone, device ID, purchase history, and geo-location data).
- Improved Usability: A faster behind-the-scenes makes for happier customers.
- Less Customer Intrusion: Authentication is only required directly from a shopper if the transaction is flagged high risk.
Visa says it best:
The new 2.0 version of the technology enables a real-time, secure, information-sharing pipeline that merchants can use to send an unprecedented number of transaction attributes that the issuer can use to authenticate customers more accurately without asking for a static password or slowing down commerce.
One of the best improvements from a shopper’s standpoint is that they won’t be asked for additional information unless the transaction waves some red flags. Data powers the risk assessment behind the scenes to more accurately identify a genuine vs. fraudulent transaction. As touched on above, 3D Secure 2.0 uses different types of data to analyze the purchase and protect shoppers and merchants from fraud, including but not limited to:
- Purchase history
- Device ID
- Purchase amount
- Geo location
- Email address
- Merchant history
- Time of day
- Unusual IP address
- Unknown device
- First time purchase of merchant
- Excessively large purchase amount
And unlike Verified by Visa’s 3D Secure 1.0, users are not required to opt-in or register. If a cardholder’s issuing bank makes use of 3D Secure 2.0, the bank automatically enrolls the card at no charge to the customer.
Fewer passwords and no need for registration means that most cardholders will not even necessarily be aware of all the fraud protection happening behind the scenes.
But what about merchants? What does a merchant do if they want to utilize 3D Secure technology in their checkout process? Read on for merchant information and some sobering fraud statistics that fueled the race to better technology.
How Verified By Visa & 3D Secure 2.0 Protect Merchants
Everyone understands that fraud is costly, but many may not know how the EMV chip protections for card-present transactions have caused fraudsters to focus more on eCommerce fraud. After the rollout of EMV, it was harder than ever to clone a user’s card or steal their credit card data. So the target has changed.
Fraudsters identify vulnerabilities in the payment security landscape, and that’s why we see eCommerce businesses hit harder than ever. When companies don’t understand how to protect themselves, they open themselves up to data breaches and big problems ensue. According to UPS Capital, 60% of small businesses are out of business within six months of suffering a cyber attack.
Every ecommerce merchant should do what they can to provide more protection for these transactions. We cover more about the risks of online payments and how you can protect your business in What Is A Card-Not-Present Transaction?, but 3D Secure technology is one excellent way you can defend your eCommerce business.
Here’s how it works in a nutshell:
Instead of asking every customer for extra information, Verified by Visa and 3D Secure 2.0 use multiple layers of data to identify a high-risk transaction. Your shoppers are only asked to complete an extra step (e.g., entering in a verification number delivered via text) if there is a high risk of fraud.
All of this is important because merchants not only need to protect themselves from fraud, they need to protect themselves from lost sales due to frustrated customers. A behind-the-scenes risk-management approach means that convenience and user experience remain intact.
EMVCo reports that the data-driven authentication of 3D Secure 2.0 leads to a 70% reduction in cart abandonment. So as a savvy merchant, making it easier for your customers to complete a purchase while reducing the risk of fraud to your business is a no-brainer!
How Merchants Can Implement 3D Secure Technology
As mentioned earlier, Visa recommends that issuers and merchants support both the 1.0 and the 2.0 specifications. If you currently have a merchant account, give your provider a call to find out if they offer 3D Secure and how to start utilizing it in your online shop.
If you are in the market to find a high-quality, affordable processor that offers built-in excellent security tools (including 3D Secure) for eCommerce business, check out our other post, How to Choose an eCommerce Merchant Account.
The Verified by Visa experience for both shoppers and merchants has come a long way since it was first introduced more than fifteen years ago. Because the threat of fraud is continually evolving, we are likely to see this technology continue to get smarter as well. That’s because eCommerce businesses today face increasing threats from fraudsters who target vulnerabilities in the digital space.
Staying up-to-date with the latest payment security technology is crucial to protect your business and the shoppers who buy from you. Verified by Visa and 3D Secure 2.0 work behind the scenes to authenticate a sale without a lot of intrusive requests to the shopper, making it an excellent way to combat fraud.