What’s your goal for using EMV® 3-D Secure? Help fight fraud and lower false declines? Maximize your number of good transactions? Help satisfy a mandate requirement? How about all of those?
Whatever your goal is for using EMV 3DS, it’s important that you get the most out of it you can, each and every transaction. Since every successful authentication increases the chance for a successful authorization, knowing how to really get all of the benefits from EMV 3DS means one thing: more successful sales.
We’ve put together some tips to cross off your list to make sure you are optimizing all that EMV 3DS has to offer – keeping your customers happy and your bottom-line humming.
1. Allow ample time for device data collection to complete. Device data collection includes running the 3DS Method URL, which provides required data elements to the issuer for their risk assessment. This step should take place in the checkout flow as soon as the card details are known, running in the background until complete. This will help more transactions result in a frictionless authentication outcome and impact your ability to seamlessly move into authorization.
2. Pass in at least nine digits of the credit card on device data collection, so that the proper card range/issuer mapping can occur. Similar to tip #1, this will directly impact how transactions route, the outcome of those transactions, and your ability to confidently capture funds. Based on Cardinal data*, only 41% of issuers use nine or more digits to identify the card range. Continuing to pass only six digits will cause the 3DS Method not to run, which can increase the likelihood of a challenge or result in upwards of a 9% increase in failed authentications.
3. Pass as many fields as possible on the cmpi_lookup request message to allow the issuing bank to run its full risk assessment (billing information, email, phone, etc.). The more information the better!
4. Populate all fields with as accurate data as possible and avoid dummy/generic values. Using values that do not truly represent the cardholder or the context of the transaction can skew the issuers risk model and have long standing impacts on how your transactions are evaluated.
5. Double check your validation on Billing Name fields. The BillingFirstName, BillingLastName, and/or the BillingFullName fields are all subject to EMV Book 4 validation, which restricts the character sets that can be used. This is in place to ensure the Billing Name matches what was printed on the physical card and the issuer can validate that against the information they have on file.
6. Speaking of Billing fields, ensure you are using the proper format for Billing State and Country fields. Downstream providers have been known to have fairly strict validation on the location of the cardholder. Make sure you are using the ISO 3166-1 and 3166-2 specifications for Billing Country and State, respectively. This will prevent your authentications from resulting in an error and arm the issuer with the information they need to return more frictionless experiences to your customers.
7. Pass in browser data fields on the cmpi_lookup request as a failsafe in the event that device collection on the frontend fails to complete. This will ensure the transaction routes down EMV 3DS instead of routing to 3DS 1.0. With the first stage of the sunset of 3DS 1.0 happening this October, this is an important point to note.
8. Allow for challenges to complete! (We know this can be worrisome but remember, a challenge isn’t always a bad thing!) If an issuer wants or needs to challenge, make sure you facilitate the challenge to the user and don’t bypass 3DS. This allows EMV 3DS to work as it is supposed to. There are reasons issuers challenge, and that is part of the fraud prevention that EMV 3DS helps with!
9. Make sure proper logic handling is in place for authentication outcomes (i.e. decide how you want to either move on to authorization, or not move on to authorization if failed authentications, unavailable authentications, etc.). Make a plan and put rules in place based on your needs and fraud strategy!
When you think of EMV3DS, think bottom line. To get the most benefits, use the tips above to really help EMV 3DS help YOU. In the end, you’ll have more successful, good transactions, and your customers will have a better, more seamless experience. Now that sounds like a win. If you have any questions, let’s talk. We are here to help.
*Cardinal data as of June, 2021 PRes data changes and is updated daily.
EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC