The introduction of PSD2 and the rollout of Strong Customer Authentication (SCA) has ushered in a new era for payments in Europe. And, although the rush to comply with SCA is over, there's much more to do.
Considering the critical role authentication plays in the payments flow, it's not just a matter of meeting the minimum standards of compliance; it's a matter of building a strategy that aligns with your business's goals. That strategy will also constantly evolve as new iterations of the 3DS protocols emerge, presenting more opportunities to optimize how you balance risk and performance.
Are you confident your authentication solution has the flexibility to keep pace with industry changes and give you the ability to strengthen your authentication strategy? Ask these questions to find out.
1. Does your authentication solution support the latest version of 3DS?
The 3DS landscape isn't uniform. There are multiple iterations of the 3DS protocols in operation—and new ones are coming. Moreover, the application of the 3DS across issuers isn't consistent.
This inconsistently creates complications as you build your authentication strategy, as what works for one transaction might not work for another. To add another layer of complexity, issuers constantly develop their 3DS strategies. Keeping pace with these changes is critical to ensure your transactions have the best chance of success.
What does this mean in practice? You need a provider who offers all available versions of 3DS—including adopting the latest versions when available. Equally important, your provider should dynamically route each transaction through the highest-performing protocol to give it the best chance of success and offer customers a seamless experience.
2. Can your solution optimize across exceptions and exemptions?
Exemptions are a critical tool in any authentication strategy, allowing you to remove friction for customers at the checkout. But it's not only a question of when to apply for exemptions; it's what exemptions you should apply.
For example, transactions below €30 are considered low value and are generally exempt from authentication. However, if the customer initiates more than five consecutive low value payments or if the total payments value exceed €100, SCA will be required and the issuers tend to reject it if it is sent as an exemption. A powerful authentication solution will recognize this pattern and choose an alternative exemption path. Doing so reduces the chance of your customer experiencing a soft decline and potentially abandoning their purchase.
3. Does your solution utilize machine learning? Or does it use rules?
To deploy a dynamic authentication strategy, you need a solution that doesn't rely on rules-based logic alone. Instead, it should use a blend of sophisticated rules informed by advanced machine learning that leverages the thousands of data points that form each authentication request.
Using machine learning will ensure that your authentication strategy can evolve. Additionally, every authentication request has the potential to be optimized automatically.
This will allow you to keep compliant with auto-enriched requests. It will also reduce customer friction through optimized exemptions and frictionless flows. Additionally, you can increase approval rates by always selecting the best-performing version of 3DS per issuer or region.
4. What experience does your authentication solution create for your customers?
26% of consumers say they have abandoned a payment due to multi-factor authentication. Providing an experience that's seamless and trusted is a critical step in avoiding cart abandonment.
But there is a balance. To offer a unique experience, you'd need to deploy a non-hosted solution that allows you to tailor the end-to-end experience to your specific requirements. In theory, this will give customers the best experience. The challenge is you will be responsible for building and maintaining the flow across all devices, as well as handling data collection and creating challenge scenarios. In contrast, a hosted solution provides the quickest and easiest go-to-market solution, even if there are limitations to what can be customized.
You might want to use an out-of-the-box option. However, if you build a custom experience, you must find an authentication solution with this capability. Ideally, the best solution is to find a provider that offers both and gives you the chance to adapt as your business needs change.
5. Is your authentication solution restricted by your PSP setup?
Both multi- and single-payment partner setups have pros and cons. However, businesses adopting a multi-provider strategy often experience unnecessary fragmentation and complexity regarding authentication.
This can range from challenges surrounding configuring and reconciling data and optimizing different authentication systems to unnecessary resource expenditure, sub-optimal customer experience and missed opportunities.
Choosing the right setup will depend on your unique requirements.
6. Is the authentication solution built in-house?
A fully integrated, end-to-end authentication solution built in-house will keep the checkout experience as seamless as possible. Without technical debt or unnecessary partners, there will be no breakpoints or lost data. Therefore, you can avoid extra costs. Additionally, using a full-stack payments partner will allow you to utilize more data across the gateway to build more robust authorization cases by choosing to send more secondary data.
Importantly, as authentication solutions evolve, in-house solutions allow for easier testing of new requirements. And, if SCA is replicated in regions outside of Europe, using one global provider will give you the option of being regulatory compliant without finding a local authentication partner.
7. Is your solution provider an active member of the authentication ecosystem?
Working with a provider who is a technical associate member with EMV means they're positioned to represent its merchant network. They can also bring new proposals to EMVco, influence direction and participate in developing EMV specifications. There will be an advantage to you if they can participate in industry meets to engage with key networks across the payments industry on technical topics and agendas.
Find the right provider for your business
Now is when you should be evaluating your 3DS solution—3DS1 is being sunsetted and 3DS2.2 is here. The solution you choose should be preparing you for the best authentication experience now and in the future.
Checkout.com has recognized the business need for an evolving authentication solution—built with tomorrow in mind as much as today. This will give you more control, smarter machine learning optimizations and the ability to develop and test SCA strategies on a global scale.
Learn more about how our authentication solution enables you to stay compliant, increase approval rates and build optimal customer experiences.