Protecting Your Business And Customers

When talking about the secure payments, let us not forget what a tremendous energy was invested into the market education during the past 10-15 years. I’m sure you will remember how many times we were repeating the same set of arguments and highlighting the benefits of e-commerce when compared to a traditional one. Today we don’t have to do that anymore. A majority of people are fully aware of the importance of e-commerce in today’s world. Our job in educating the market is now changed, and is far from being finished.

With a number of online merchants rapidly growing, e-commerce entering into market segments we could not anticipate before, the focus must be changed into helping merchants accomplish 3 most important goals:

• Increasing conversion rates
• Optimizing costs
• Securing the payment flow

All those 3 goals are equally important and very much connected to each other.

• Higher conversion rates comes from increasing purchases and decreasing payment abandonment.
• Optimizing costs comes from routing of transactions to a most optimal processor/acquirer, but also reducing number of declines.
• Finally, securing transactions is helping us not only recognize fraudsters, and decline their transactions in order to protect your business from chargebacks and financial losses. The real challenge in fraud management is to keep the fraud out while letting the good customers in.

Therefore an effective fraud management strategy must be a core component of the payments solution – and it must be tailored to the needs of each merchant segment. Good fraud protection supports the customer experience, driving up conversion and enabling revenue growth while preventing fraud.

Some indications taken from the Global Fraud and Payments Report 2022 showing that for the second year running, fraud KPIs have risen slightly, with an estimated 3.6% of global revenue lost to payment fraud. Only in Europe  that percentage slightly decreased since last year, with the enforcement of SCA being a likely contributing factor. To avoid leaving money on the table, a merchant needs a wide selection of  tools to choose from and adapt to it’s own needs.

But before we go into details of the implementation of a good fraud management strategies and systems, let us go one step back and first refresh our memory on the payment flow itself.

So where exactly is the fraud management implemented?

A majority of risk prevention tools used by the merchants are located in the Merchant Payment Gateway. This is where risk management mechanisms protecting merchants are activated and this is the point where the merchant will decide on what will be going on with every specific transaction attempt.

When faced with multiple ongoing fraud threats, the ability to quickly detect and defend against these attacks without impact on customers is absolutely essential.

Although one can find various fraud prevention tools, today we will focus on four that we think are the most important ones, and which, once mixed, can deliver a solution incorporating the optimized payment security and maintaining the higher payment conversion (success) rate.

Card Data Validation

Tthis is the most basic risk management tool typically incorporated on the merchant application side. Data validation serves the merchant to check data entered by the customer, such as: allowed card brands, whether or not a credit card number is valid, format of CVV etc.

This basic tool will reduce the number of potential fraud attempts before they even reach the Payment Gateway itself and before the transaction actually starts.

Risk Intelligence Tools

By limiting your exposure to fraud, this set of tools help you to reduce your costs associated with fraudulent transactions and to increase your revenues by up to 30%.

In our company, AllSecure, we implemented more than 100 internal risk management tools that can be applied to transactions. To give you a better idea, the following is a general list of some Risk Intelligence categories.

All those checks are executed and scored in real time. And the risk scoring mechanism then allows merchants to adapt their workflow according to the result.

External Risk Checks

To achieve a state-of-the-art risk management, especially for highly sensitive online business, one can also utilize some od already integrated third party risk management solutions such as: Kount, ReD, Ethoca and ThreatMetrix, either to complement with internal risk checks or to fully outsource its risk assessment to industry leading systems and databases.

In addition, External Risk Checks and 3D Secure 2.0, when used together, can prevent fraud before the transaction occurs, reduce friction and comply with fraud limits, while allowing merchants to customize their risk tolerance levels.

Dynamic 3D-Secure

Perhaps the most important security related improvement that we were all talking about last year was the introduction of 3D-Secure v2.

First introduced by Visa in 1999, 3D Secure is a payment authentication technology reflecting the requirements of the market as it was 20-year back in time. Even being a “must have” option for liability shift and a reduction of unauthorized use of card payments, 3DS also came with significant drawbacks such as:

• Higher decline rates due to Lack of data and incompatibility with mobile
• Resistance from customers (caused a ~10% increase in shopping cart abandonment, which resulted in lost sales, and customers choosing merchants without 3DS authentication).

Causing it to being called a “conversion killer”.

3DS2 begins to address the limitations and weaknesses of 3DS around customer friction, cart abandonment, and lack of support for newer payment options. Key changes include:

• Reduced customer friction (with OTP sent to a mobile, use of biometrics, and reducing the number of times customers need to authenticate)
• Additional device and channel support (mobile web, in-app authentication, and digital wallet payments)
• 10x more data collected (allowing the issuing bank to implement the flexible and dynamic payment flow)

Although being far more flexible, merchants still prefer to be able to decide on when they will benefit from the liability shift and when they will use the option of a 3DS exemptions and pass the transaction with zero friction to the customer.

When making such a decision, a merchant must rely on risk intelligence and risk scoring already received from previously mentioned Risk Management tools and databases.

Combining all mentioned tools and systems, a merchant, especially a larger merchant will be able to design a strategy unique to  its business model and a strategy that will accomplish the goal of having a fine balance of:

• Increasing conversion rates
• Optimizing costs
• Securing the payment flow

Adria Summit 2023. on 3rd – 7th May 2023. Savudria, Croatia