Every business is unique. And has their own reasons or goals for using EMV 3-D Secure. What’s your reason?
- Help to lower fraud and/or false declines?
- Hoping to maximize your number of good transactions?
- Are you required to adhere to government regulations that can be met by enabling EMV 3DS – such as PSD2 SCA?
- Following network security standards and mandates requiring issuers, acquirers, and processors to support EMV 3DS?
- Or something specific to your business needs?
Ultimately – the most important thing is that whatever you want to accomplish – you get the most out of EMV 3DS on each and every transaction. SInce every successful authentication increases the chance for a successful authorization, knowing how to get all of the benefits from EMV 3DS means on thing; more successful sales.
Here’s some tips to keep your customers happy and your bottom-line humming.
- Send clean data. Give the most accurate data as possible and avoid dummy/generic values. Using values that don’t truly represent the cardholder or the context of the transaction can impact the issuers risk model – and affect how your transactions are evaluated. So it’s really about you and your results.
- Send all the fields you can. More is betteron the cmpi_lookup request message – this allows the issuing bank to run its full risk assessment (billing information, email, phone, etc.) – which can help with your authorization success.
- Allow enough time for device data collection to complete. Device data collection includes running the 3DS Method URL, which provides required data elements to the issuer for their risk assessment. This step should take place in the checkout flow as soon as the card details are known, running in the background until complete. This will help more transactions result in a frictionless authentication outcome and impact your ability to seamlessly move into authorization.
- Send at least the first nine digits of the credit card on device data collection, so that the proper card range/issuer mapping can occur. Similar to tip #1, this will directly impact how transactions route, the outcome of those transactions, and your ability to confidently capture funds.
- Double check your validation on Billing Name fields.The BillingFirstName, BillingLastName, and/or the BillingFullName fields are all subject to EMV Book 4 validation, which restricts the character sets that can be used. This is in place to ensure the Billing Name matches what is printed on the physical card and the issuer can validate that against the information they have on file.
- Speaking of Billing fields, ensure you are using the proper format for Billing State and Country fields. Downstream providers have been known to have fairly strict validation on the location of the cardholder. Make sure you are using the ISO 3166-1 and 3166-2 specifications for Billing Country and State, respectively. This will prevent your authentications from resulting in an error and arm the issuer with the information they need to return more frictionless experiences to your customers.
- Allow for challenges to complete! (We know this can be worrisome – but remember – a challenge is not always a bad thing!) If an issuer wants or needs to challenge, there is a reason – so make sure you facilitate the challenge to the user and don’t bypass 3DS. This allows EMV 3DS to work as it is supposed to. Challenges are part of the fraud prevention that EMV 3DS helps with – and that is good for the merchant, issuer, AND the good customer!
- Make sure proper logic handling is in place for authentication outcomes (i.e. decide how you want to either move on to authorization, or not move on to authorization if failed authentications, unavailable authentications, etc.). Make a plan and put rules in place based on your needs and fraud strategy! And don’t forget to take a look at your rules regularly and update when needed!
When you think of EMV 3DS, think bottom line. To get the most benefits, use the tips above to help EMV 3DS help YOU. In the end, you’ll have more successful, good transactions, and your customers will have a better, more seamless experience. Now that sounds like a win.
If you have any questions, let’s talk.
EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC