How 3DS Affects Merchants and Consumers in the Americas
Why Does 3D-Secure Matter?
3D Secure (3DS) provides an additional layer of security for online transactions, adding an identity confirmation partner to the standard communications between acquiring and issuing banks. It delivers real benefits to consumers (whose credit cards become harder to use fraudulently) and for merchants (whose exposure to chargeback fraud can drop like a rock). It also brings some significant challenges to both, including the friction of extra steps in the payment process, the sometimes-confusing user experience, and the risk of unanticipated fraud through identity theft in the initial 3DS registration (particularly the activation-while-shopping, or AWS step).
That said it has become an industry standard, and is required in the EU and UK; it is effectively mandatory in other geographies like Australia and India, where regulations require very strong identity confirmation.
Is 3D-Secure Required in the Americas?
For merchants who strictly do business from, and within, the United States, 3DS is not mandatory. For those who sell to customers in Europe, however, it will likely be necessary to implement 3DS. Indeed, it will be necessary to implement the latest version (3DS 2.0) in order to comply with PSD2, which is the second version of the European Payment Service Providers Directive. This most recent update to the requirement updated the ways in which payment providers must authenticate consumers, with the goal of reducing fraud by using methods that weren’t widely available at the time of the original PSD (issued in 2007), such as using smart phones to deliver dynamic tokens.
For merchants in other parts of the Americas, 3DS is broadly speaking not a requirement, unless, again, merchants are heavily invested in selling into the PSD2 nations.
How prevalent is 3DS in the Americas
In the absence of the sorts of enforceable regulations passed in areas like the EU, UK, Australia, and India, 3DS has faced somewhat hard sledding in the United States, where businesses have largely opted toward limiting the downsides of 3DS (friction, etc) by doing everything they can to avoid it. That being said, the value of the market for 3D Secure services is growing rapidly, estimated at $1.3B with a an anticipated CAGR of 11.4% between 2021 and 2028 - with the majority of the revenue originating in the United States. As 3DS 2.0 improves the customer experience, the industry generally expects that merchants will increase their adoption. This will require, however, better transaction close rates: a study of millions of transactions revealed that in the early going as many as one in five deals that ran into 3DS failed to close.
Meanwhile, outside of the United States, adoption has been slow and spotty across the rest of the Americas, largely owing to concerns about user experience and resulting drops in transaction success (a widely-cited study suggested an immediate acceptance rate drop of 25% when 3DS was switched on in India, which inevitably affected merchants’ willingness to get involved).
Just How Damaging is 3DS to America's Transactions
It turns out that the impact of 3DS on ecommerce transactions varies wildly by nation - and, indeed, seems to be correlated with the percentage of transactions that go through it. Thus, for instance, we see high acceptance rates in countries such as
- Sweden: 91% of transactions use 3DS, only 9% fail
- Denmark: 89% of transactions use 3DS, 11% fail
- France: 85% of transactions use 3DS, 15% fail
With relatively low 3DS usage rates in the Americas, it is probably not that shocking to see higher transaction failure rates, including the USA with a 71% 3DS usage rate, and a frightening failure rate of 29%.
Related research also shows that merchants in the Americas are way more concerned about the impact of 3DS than those in other countries:
- USA: 58% are Concerned to Very Concerned
- Brazil: 68% are Concerned to Very Concerned
- UK: 49% are Concerned to Very Concerned
- Italy: 44% are Concerned to Very Concerned
While there are certainly countries outside of the Americas who view the risk of transaction failure owing to 3DS as being just as concerning (such as Spain at 74% and France at 75%), there appears to be more unanimity across the Americas that the benefits do not yet quite outweigh the benefits.
The future of 3D-Secure in the Americas
Given the costs and risks of online fraud, and the ever-evolving sophistication of online criminals, it is inevitable that 3DS 2.0, or whatever follows it, will eventually deepen its penetration into American markets. Advancements in the most modern version are making the solution more attractive: even though penetration in some European nations is almost universal (Germany is at 80% of all transaction running through 3DS 2.1 or 2.2, as is Italy, with Spain reaching a little further to 82%), adoption is improving in the American nations:
- USA: 77%
- Mexico: 71%
- Brazil 77%
As the risk of a catastrophic data leakage event - and the cost of recovering from it - continues to rise, the adoption of a standard that can enable a merchant to operate globally seems as inevitable as the already-completed somewhat grudging acceptance of data protection schemes like GDPR.