With more and more retailers expanding into ecommerce — and more consumers taking advantage of shopping online — it’s no surprise that merchants want to make sure they’re protecting their revenue, their good name and their customers from fraudsters. While 3D Secure does offer an extra layer of protection, it comes at a cost. So how do merchants know if it’s a good investment for them?
In this episode of Gateway to E-Commerce, David Fletcher, ClearSale’s Senior Vice President, and Denise Purtzer, ClearSale’s Vice President of Partnerships and Alliances, join Rafael Lourenco, ClearSale’s Executive Vice President, and Sarah Elizabeth, ClearSale’s Senior Director of Marketing. Together, they discuss how 3D Secure offers security and authentication for customers and merchants — and how it might impact the customer experience.
In our 13th episode, we learn how 3D Secure shifts the liability away from merchants, what merchants should consider before implementing the program, and what the potential risks are. But first, let’s introduce you to our hosts today.
is ClearSale’s Executive Vice President. A 12-year veteran at ClearSale, Rafael combines the company’s innovation-driven culture and emphasis on communication with a deep understanding of the statistical tools that underpin excellent fraud protection.
is ClearSale’s Vice President of Partnerships and Alliances, and she lives for connecting the right people to make things happen. Denise has 20 years of experience in ecommerce and knows the ecommerce landscape from every angle, for every size business, in every market.
is ClearSale’s Senior Vice President. David’s expertise in both sales and marketing—and why the two can’t be separated—brings guru-level wisdom and insight when it comes to why people buy … and how you can channel that knowledge to grow your business.
is ClearSale’s Senior Director of Marketing and is an eight-year veteran of the company who helped open ClearSale’s first full-service branch outside Brazil. Sarah’s an expert in planning, marketing, go-to-market strategies, and sales, and she knows exactly how to drive traffic into—and down—the sales funnel.
Merchants are always looking for new ways to protect themselves and their customers against fraud. And when 3D Secure arrived on the scene, it seemed like the perfect solution for increasing security by requiring authentication for online purchases and shifting liability away from merchants and onto credit card issuers. But that’s not all 3D Secure does. It also:
• Analyzes multiple data points to evaluate a transaction
• Works well with mobile transactions
• Gives merchants increased confidence their customers are who they say they are
But 3D Secure hasn’t always delivered on its promises. The majority of merchants globally have been reluctant to adopt this solution, in large part because:
• It’s an added cost to their fraud solution package.
• It’s a solution that might already be covered in their fraud prevention program.
• Merchants may still end up declining legitimate transactions simply because they look risky.
• Increased friction may drive good customers away.
• It creates inflexible solutions that don’t let merchants choose when to apply 3DS.
That’s why before merchants adopt a 3D Secure solution, they first need to evaluate how it will work both for their business and with existing solutions.
You’re listening to Gateway to E-Commerce, a podcast by ClearSale. In this series, global ecommerce leaders discuss challenges, best practices, new tech and secrets to success. And now, your hosts: Denise, Sarah, Rafael, and David.
Hi everybody. Thanks for joining us. Today is lucky 13, the final episode of season one. We’ve made it to this point. It’s Denise, and I’m here with the entire band today, David, Rafael and Sarah.
Awesome, Denise. I’m glad we made it. We are here, the last episode of the season.
Yeah. Always good to be here with you guys.
Absolutely excited to do another episode.
Fantastic. Thanks for listening to our entire season so far. I know that looking back at the season, Rafael, I wanted to ask you, what was your bright spot of this entire season so far?
Well, what I like about this is sharing knowledge and exchanging, and sometimes we learn from someone who we are working with on daily basis. But when you start to get a conversation about a specific topic, you see a different angle from something that you already talk to these people about. So my favorite episode so far has been the one where we discussed the luxury industry and all the specific flavors that it brings to the fraud prevention discussion. So I’ll take that one as my favorite, and I’d like to ask Sarah, what was your bright spot?
Sure. I definitely agree with you that it’s really good to learn as we record these episodes to think about different perspectives, not only from the perspective of the person you’re talking to, but also when you think about the audience, it forces you to think about different angles of things. There were two episodes that I liked the most. I think one that I recorded with Denise, where we talk about how to choose an ecommerce platform for your store. It’s so important, the ecommerce platform, and you have to go over many, many different aspects that basically have to rethink your whole strategy in order to choose your platform. And also, it was really interesting to talk with Victor, our country manager in Mexico, about the market there and what is different and what’s similar and listening to someone that actually experienced the market every day. It’s really interesting. What about you, David?
Yeah, I really enjoyed a lot of the episodes that I was able to participate in. I think one of my favorites was probably when we were talking about Australia, which I believe was episode seven or so. Just the fact that we were able to break down that country and get into some of the details and really look at helping merchants get into that country to do business, and because I’ve talked with a lot of merchants, and when we talk about where they’re working, none of them were saying Australia. We started asking that in the sales process. They were like, “We never really thought about that.” I don’t know enough about it, and being able to share some of that information through the podcast was certainly enjoyable, and I think that there were some things that we learned along the way as well. So I think for me, it was definitely talking about Australia. Denise, how about you? What was your favorite episode?
It’s always fun to have the time to think about these sorts of things because I learn something new every day, and I think that just being able to do podcasts with different people is fun to get their perspective on things. And from that, Rafael and I did the podcast on electronics and just his best knowledge of, and the time that he spent fighting fraud specific to that vertical, was so fun to learn from. So not only sharing information, learning was great for me in that respect.
Speaking of learning, we learned a lot going through this first season. We did 13 episodes. Fortunately, we were able to pull it off. Going into it, we did a lot of planning. We talked about it for months. The marketing team, Sarah and her team, were planning and preparing, and there’s the old saying that I’m sure a lot of us have heard, that the best laid plans of mice and men often go awry, and we were fortunate. We would make plans, and we would talk about the strategy of the session. Sometimes it went that direction; sometimes it didn’t. But the great thing was every time it didn’t, it was still a great podcast. We had good conversations, and I’ve said all along, the cool thing about this podcast is to give people the opportunity to be the fly on the wall and hear what we talk about, because we talk about this every day, all day.
Our customers, the merchants, they don’t. They don’t have that opportunity. They’re focused on their business. So they don’t get to do that as much as they would like, and so this gives them that exposure to get that information and hear from us, and I love the fact that, here’s something that I think all of us that have been involved in podcasts can appreciate. We always work hard to let everyone know in our office, hey, I’m recording a podcast. Make sure you keep your noise to a minimum. I’ve got to focus, especially if it’s on video, but if it’s not, I just need to be able to reduce all that background noise.
Well, due to COVID, we’re all working from home, and we all have the issues of the UPS driver ringing the doorbell because he just delivered your Amazon package, or the dogs barking, or the kids deciding it’s time to wake up and get a bowl of cereal, and here we are. We’re scrambling, trying to keep that noise to a minimum, and I think we did a good job. We certainly had a few that we’re going to be editing out, but overall, I think it was very successful and I can’t wait to get into season two, which we will certainly talk more about that later.
Speaking of which, David, I wanted to highlight a little bit about season two, if that’s okay. And by the way, just a disclaimer, if you hear dogs, we still have this podcast to record now. So if you hear my Scotties barking, apologies in advance. Speaking of season two, I’m super excited about it, because I think this is going to be an opportunity for you all to hear from some of our partners. We’ve got an amazing network of partners that we’ve worked with in all facets of ecommerce, and we’re going to try to get them involved in some of the upcoming podcasts to share even more wealth of knowledge and more information as we move ahead for season two, which should be happening sometime at the first of the year, so looking forward to 2021. With that David, let’s talk about today.
Definitely. Let’s jump into it. We’ve got a lot to talk about today. There’s so much information we could share. We could probably record for the next three hours. Having said that, we’re going to talk a little bit about 3DS. 3D Secure, for those of you that may not be familiar with it. And it’s funny because Denise, we were talking about this earlier, verified by Visa. That’s what everyone sees, and they see that and they think, hey, there it is. It’s been verified by Visa. Well, that’s 3DS, and that’s some of what we’re going to be talking about today, and 3DS essentially has been designed to provide security and authentication for the customers and for the merchants.
So the whole concept was to help both parties and as merchants start to look into implementing 3DS, they are drawn into the fact that they feel like they are going to be reducing their chargeback liability, if at all. Really, they’re probably going to be removing it completely through 3DS because 3DS is going to add that extra layer of protection. However, it doesn’t come free and I’m not necessarily talking about money. I’m talking about the other costs, the impact that it might have on our customers, on our customer experience and so forth, and so we’re going to talk about that today. I think we’re going to share a little bit more information about that and that will help some of the merchants better understand 3DS, what it is, where it came from, and why or why it doesn’t matter to you as a merchant. So Denise, having said that, you have been in this industry, payments and fraud, for over 20 years. I know that you’ve seen a lot when it comes to 3DS and you’ve been around it enough. You’ve got the history. Share some of that information with our audience.
Yeah. I think that it’s important to look back to the beginnings of 3DS to where it came from in order to talk about where it’s at today, and really 3DS, or 3D Secure, is all about that shift in liability to merchants. So by securing or authenticating a transaction in advance, then the merchant isn’t liable for it, and that’s really in a nutshell, what it was all supposed to be in the beginning, and 3DS comes about because it’s three different, three domain secure. So it’s the domains being the acquiring bank, which is on the merchant side, or the issuing bank on the cardholder side, and then adding the infrastructure like the internet and the merchant plugin and all of that into play. So you take those three components, and that’s what makes up 3DS.
It started out back in 1999, and it was originally created by the individual card network. So you mentioned that Verified by Visa, David. That was the whole thing. So I think each of us can probably remember doing a transaction at that time online and keeping in mind that this is all just PC transactions. There were no smartphones when this took place so you’re on your PC. You’re making a transaction. You see that additional popup that comes up that says you have to include additional information if you’re not authenticated or registered yet, in which case, in my situation, I would pull out my AmEx and just bypass it that way. So I think that’s a little bit of what was going on during that time. It was based on 15 data points, so that situation where an order might be risky and that popup window occurs could have happened quite often. In fact, it did.
Customers had to enroll. So if they refuse to enroll, they couldn’t check out, and it just wasn’t a great customer experience overall, and I think that in reality, when you looked back in 2014, they would discover that there was about $118 billion in false declines, which is a number that makes me shudder, because that’s something that we try to avoid at all costs is that false decline. And in 2017, a few years later, only about 18% of the U.S. transactions were using 3DS. So card abandonment was really high in some countries. It was as high as 50% in Brazil, and you put all those things together, and obviously, that first iteration of 3DS just didn’t quite come about in the way that it was all touted to be, and I think because of that, now we fast-forward or in this case, slow-forward, 20 years in advance, and we’ve got 2.0 that comes about. Given all that, David, I know that you talk to merchants quite often. What are some of the things that you’ve heard, painful-wise, during that time, and what are merchants thinking as far as experience goes?
Yeah. That’s an interesting history there, because it really has been a while that it’s been in play, but it hasn’t developed as much as you would think it would over that period of time, and so when we’re talking to merchants, some of the things that we hear is we hear three things. One, we hear that they’re afraid of it. They don’t fully understand it, and so they’re afraid of it in general. Two, we hear them say, “Well, I think it would be good for my business, but I’ve heard other people talk about it, but yet I don’t know anyone that uses it.” So there’s the fear of, I don’t want to be the only one. And the third one that we hear a lot is, and this is a little comical, but we heard this and we just had this on a call recently, “I don’t sell in Europe so I don’t need it.”
So for some merchants, that’s valid. That’s just their process. That’s how they view it. That’s their opinion of it, but one of the things that I think that we have learned in talking with merchants that have fought with 3DS, and we do have some that have used 3DS, but they’ve transitioned away from it and moved to a ClearSale solution, is that they were concerned about their experience, the customer experience. They were concerned about the time that it would take sometimes and Denise, great example, which you referred to as I had that come up as a user, and what did I do? I just said the heck with that and I broke out my AmEx, and there’s been studies that have been done. Amazon put out that report that said there’s a 1% sales loss for every extra 100 millisecond of load time, and you’ve got to wonder: As merchants try to implement 3DS, how does that change that customer experience?
So I think overall in the marketplace, a lot of the merchants are just sitting back and waiting. When you think about how it’s been implemented and how it’s been pushed to the market, nothing against Visa, good Lord. I know I’ve got plenty of Visas in my wallet, but I don’t think they do a good job in trying to explain it to their merchants and getting their merchants to fully understand it, but at the end of the day, you’ve got your customer experience and you’ve got your increase in false declines, and that’s what it really boils down to, and every merchant that we’ve brought on that had used 3DS, they see an increase in approved orders.
And that’s just because we do things differently, obviously, and you mentioned some of the data points that they are doing, and I know 2.0 will be coming out soon where they’ll start to add a couple of data points, and I’ll let you guys talk more about that, but yeah. That’s really been the experience on the merchant side, and so I think there’s even more stats and data points, and since we do have our resident expert, our data scientist and my favorite statistician, Rafael, I’m sure there’s plenty more that you could share from a number standpoint and so forth.
Sure, sure. I think you started with the most important element of that, David, and you always do, actually. When it comes to solving the problem in a different way, that’s basically what 3DS is. So we have a problem. Denise mentioned how much false declines concern the merchants, how much the fraud itself, how much is being lost to criminals, even from a merchant’s point of view, but also on the consumers, because it’s not convenient to have your credit card stolen. You need to think about a different solution. So 3DS, in other words, could be understood as an additional layer of protection given by this, the combination or the consortium between Visa, MasterCard, and others, so that you can try to solve it in a different way, and then when it comes to solving a problem in a different way, I’d say that we’ve got to start by what’s the size of the problem and who has the problem? Who is concerned nowadays?
So you two, Denise and you, Dave, you guys found your way to skip a process that was bothering you, and I think other consumers may do the same, and as you know, I like stats and I like the one that says that 40% of the users will simply leave the website if it takes more than three seconds, and here we are talking just about additional time waiting for a transaction to go through. What 3DS brings to the table, on one hand is the shift of the liability, the financial liability, obviously, which is attractive to merchants and somehow even attractive to consumers, but on the other hand, it brings the possibilities on how the bank, the issuers, will handle that, and the way they will handle it is eventually challenging the transaction, challenging the authentication process of the transaction through, for instance, the two-factor authentication. At least 5% of the transactions will be challenged somehow using a cell phone or text message or something, and those are the numbers that I’m concerned about.
I mean, how many consumers will drop the ball during the process? What is the problem we are trying to solve, and how many of those orders are going to be declined because of this new process? So even though the merchants might be protected by this extra layer of protection, how much is it going to cost in terms of sales, and I think the transition between 1.0 to 2.0, in terms of 3DS, I think, try to address a lot of these points. And I noticed Sarah has been studying a lot on what are those differences and what are these new data points that the new protocol brings to the table, and I want to hear a little bit of her opinion on what are those elements and what can we expect in terms of the new technologies and new features in place in the new protocol?
Sure. So to have everybody on the same page, Rafael, Dennis and David talk a little bit about 3DS as well. Some of the key differences between them are, on the previous protocol, all of the transactions are authenticated so the merchant didn’t have any options. Either they go with all the transactions going through 3DS or nothing. So there was no flexibility for them to choose where to apply the 3DS, whereas when you look to the new protocol, the merchants, they have the flexibility to use it as they wish. Of course, merchants in Europe and some regions, they have to follow some regulations, local regulations, but in general, you can essentially have 3DS 2.0 as a tool as the same way that you have a device fingerprint or other tools that you decide when to apply and how to use.
I think one of the most important aspects here is that the new 3DS, the 2.0, it has more data points. So with the old protocol, the issue is they had only 10 data points that they could see from a transaction. So they didn’t have all the access to all of the information that merchants have and where with the new one, they have much more data, and we all know that data is crucial to prevent fraud. So it’s not enough to have information about the payment, the credit card that the person is using, or eventually the computer the person is using. Having information about what is the item that the person is buying, what is the history of that person with that store, etc., it’s really valuable, which is something that the new protocol is addressing as well.
The new version also works in cell phones and in app transactions, which is something that the previous one didn’t do. As Denise mentioned, this was on before smart phones ever existed. So it was a flaw, a really serious one, and their hope is that all of these changes are going to help to prevent false declines. The reality is that nobody knows. We don’t have enough examples or have enough history to see how this is going to work. Our hope is that issuers, they move out of the “better safe than sorry” mentality that they had in the past and actually work closer with merchants to try to approve more transactions without affecting the customer experience. We have our opinions about what is going to work or not and whether these changes are sufficient or not that we can talk a little bit about them, and also we’re going to discuss this in other materials that we are going to be sharing with you all, but I think these are the key differences that we see between the two protocols.
And if I can just add a quick point. The one thing that doesn’t change, and I think for our audience, the ones that are less familiar with what we are talking about in terms of 3DS: We are talking about the liability being shifted from the merchant in terms of deciding whether or not to approve an order to the issuers, and what does that mean? I mean, the more data points they have in the 2.0, that’s what you just said, makes the issuers more able and more active in the process of approving or declining an order, but it’s still each issuer will still have only access to the transactions that go through them.
So let’s say if the certain group of population or certain merchant is selling to a target audience where there are 1,000 different issuers possible, then these transactions will be decided by these 1,000 entities, while we are talking about today’s protocol or today’s standard, at least in the United States, where we’re talking about a merchant eventually talking to a single point of contact that is the fraud prevention solution, whatever it is, or either if it’s internal or external. So I think in one hand, the 3DS 2.0, addressed a lot of the elements that were lacking on the first one. So a lot of lessons learned, and this is pointing in a good direction, but on the other hand, some of the issues or some of the potential problems of this new environment are still there just due to the nature of it. So who is making which decision?
And also, it’s important to highlight here that we are comparing two different protocols, but they are not the only solutions that we have available on the market. So you have always to think about why are you considering 3DS? Yes, the 2.0, it’s much better than the previous one, but do you actually need it? Can you have the same benefits or solve the same problems with different solutions or with a different approach? This is something that I think, and David can speak more about it. Sometimes we hear merchants say, hey, I need to work with 3DS because everybody’s saying that, or because I hear that it’s important, or everybody’s talking about it so it looks like a hot topic, and then when you talk more with them, many, many times they realize that actually they don’t need it. So it’s something that you always have to go back and think, “What is the problem that I’m trying to solve, and what are the options that I have,” and not only comparing the old solution with the new solution.
Yeah, that’s right, and I don’t want to go too far into a sales presentation, but that’s exactly right. People go to 3DS because they have a problem and the problem to them would be chargebacks, and I can now shift that liability on to someone else, and there’s the issue of the false declines. The issuer is going to decline orders that are risky and their solution’s like ours, that we also take on the responsibility of your chargebacks, yet we’re still focused on approving more orders. So you get the opportunity to get rid of your chargebacks, but at the same time, have more orders approved, and that win-win is the experience that we like to talk more about.
So David, at the very beginning, you had hinted about the cost of this whole process, and it goes beyond just that cost of that transaction or verifying that transaction. I think that this brings it full circle in the fact that there is a cost, whether it be declining an order or not allowing a customer to check out at that time with a false decline. There’s definitely a cost there, and we talk about that in our study about false declines, which we can post in the notes here, and again, you also talked about the fact that we could talk about this for hours and hours on end, and it’s so true. I think at the end of the day though, it’s really important for everybody to reflect on the fact that the customer is what’s most important in this whole scenario, and if we do what’s right for the customer and make it a good experience for them and allow them to check out when they are legitimately trying to, that’s what’s going to win at the end of the day, because then the merchant wins and everybody wins.
So really that’s what it’s all about. So given that, I think that we’ve learned a lot today about 3DS. There is still so much to cover and I think that as well, that this is still so early in the process. We talked a little bit about what happens since 1.0, but 2.0, if you think about it globally, the vast majority of the merchants haven’t even rolled it out. So even if you’re in a country where you are regulated and need to have it in place, that’s still a small section of the countries globally. So given that there’s still much to learn, I think that we’ll continue to touch on this subject as we move along, and perhaps even in our next episodes coming up.
So if you’d like to know more about ecommerce fraud and all, continue to follow us. You can also check out all these different types of resources that we have on our website. It’s www.clear.sale, and if you have any questions or want to suggest a topic that we can go into and cover in this next group of podcasts that we’re going to do, please send us an email at firstname.lastname@example.org. Thank you for listening to season one of the Gateway to E-Commerce podcast, where global ecommerce leaders discuss challenges, best practices, new tech and secrets to success. Please subscribe, and please leave us a review. We would appreciate it. Thank you.
For more ecommerce insights, visit us on our website at clear.sale.