Guides and reports

Revenue Optimization 3: Why APAC businesses need to pay attention to strong customer authentication

In this third post from our Revenue Optimization series, Xinying Teo shares on strong customer authentication (SCA), the upside of SCA for businesses in APAC and how Adyen readies businesses for the future of commerce.

May 17th, 2021
 ·  5 minutes
Illustration of a woman looking at various security icons connected by lines.

By Xinying Teo, APAC Team Lead, Risk Management

Strong customer authentication(SCA) describes technology and procedures designed to make online payments more secure and fraud less likely by incorporating additional verification.

But as you’ll discover, the next generation of SCA is as much about customer experience as it is about security. Safer and more responsive authentication protocols will allow business to improve authentication rates, recognize loyal and trusted customers with smoother approvals and ultimately optimize revenue.

But first, a little history.

An evolving response to fraud

After the rapid take-up of credit cards in brick-and-mortar stores in the 90s, fraud took off as well. In response, chip-enabled cards and PIN numbers were introduced – it worked and fraud levels fell significantly.

Then in the late 90s and early 2000’s, ecommerce came along. The dot com boom as it became known, was a heady, profitable time for many, not least fraudsters. If ecommerce was going to have any kind of future, it needed to be secure.

Enter SCA.

In response to the growing threat posed by online fraudsters, 3DS1 (three domain secure) was introduced. You’ve almost certainly come across 3DS1. Every time you’re redirected to another page to input a code that’s been sent to you, you’re using 3DS1.

To its credit, 3DS1 was a vast improvement on the limited fraud controls that preceded it, and it did reduce fraud. However, it also caused friction at the moment of transaction and in some cases, caused authorization rates to fall. And 3DS1 was designed with the desktop in mind – it was never optimized for mobile. After over 20 years, an update was well overdue.

3DS2 is made for mobile, in-app and desktop

Two years ago, the next generation of authentication – 3DS2, was introduced. Optimized for the mobile experience, not only does it make transactions more secure, it also promises a smoother shopping experience while maintaining authorization rates.

3DS2, as an authentication method, recognizes the way the world and human behaviour has changed in order to deliver better user experiences. The technology accesses more data points across the entire payment ecosystem to help issuers make better informed decisions about fraud.

It also makes it easier for users’/customers’ to verify their identities using the three domains:

1. What you know – PIN, passwords, sequences, facts 2. What you own – devices like phones, smart watches, IOT, tokens, badges 3. What you are – fingerprints, facial features, voice patterns, iris formats, DNA signature

To meet SCA standards, a shopper would need to have two of the above.

By using more data from more sources to protect against fraud and verify identities, 3DS2 makes it easier for merchants to protect against fraud and for users to prove their identity.

Authentication can be used proactively to reduce fraud, but also reactively to introduce friction to suspected fraud. That’s not to say 3DS2 is a silver bullet. If we know one thing about online fraudsters, it’s that they’re adaptable. They will try to find ways around enhanced security. But 3DS2 will undoubtedly help to make online payment platforms more robust.

The global shift to SCA has already begun

Even if you don’t have a business presence in Europe, you may have heard a thing or two about the Revised Payments Directive (PSD2) regulations in Europe and how next generation SCA 3DS2 protocols fit into PSD2.

As ecommerce and m-commerce growth continue worldwide, with ever-increasing online transaction volumes, SCA is certainly a global phenomenon. AusPayNet’s Card Not Present Framework in Australia and the risk-based authentication framework in Malaysia are two examples I can share over here in APAC.

To ensure consumers and businesses are better protected from fraudsters today, card schemes Visa and Mastercard are moving away from providing liability shifts on transactions over 3DS1 protocols too.

Here are some deadlines to keep in mind:

• Visa will cease liability shift on transactions over 3DS1 protocols, if issuers are not participating in 3DS1, on October 16, 2021. By October 15, 2022, Visa will discontinue their support of 3DS1 transactions. • Mastercard will cease stand-in passive 3DS1 authentication on behalf of issuers on October 1, 2021 and discontinue support for 3DS1 on October 14, 2021.

What do all of these mean? The move towards stronger customer authentication will provide shoppers and businesses with safer online transactions. By streamlining approval processes, especially on mobile devices, merchants will be able to authenticate transactions more efficiently, and increase conversions. In addition to 3DS2 as a means of meeting regional SCA regulatory requirements in APAC, it can also be utilized to complement merchant's fraud management systems to recognize low-risk, reliable customers – useful for rewarding customer loyalty and optimizing revenues.

Make the change to 3DS2 with Adyen

As a global payments service provider, Adyen offers our merchants and partners the most up-to-date solution that keeps you ahead of SCA requirements across the globe, and well ahead of the upcoming 3DS1/3DS2 support timelines. Better yet, our extensive experience in fast-growth and fast-changing regional markets here in APAC ensures you’ll be in step with local regulations.

Our dynamic risk management approach gives you flexibility and control over your business strategies, dialing things up or down according to your needs at any time – and in the markets your business is in. So you can continue to focus on your business growth, while every single customer from anywhere around the world can enjoy smoother, more secure shopping.

ICYMI, catch up on Revenue Optimization 1: Authorization rates, fraud and some things you should know about risk management.

Get in touch with our team to stay informed on the latest in SCA, risk management and strategies that can keep your business ahead.

Fresh insights, straight to your inbox

By submitting your information you confirm that you have read Adyen's Privacy Policy and agree to the use of your data in all Adyen communications.