Why Authentication Matters

Transcription

1 Why Authentication Matters

2 What you will learn today The challenges facing our industry The opportunities to adapt and improve How increasing mandates, requirements and regulations are impacting commerce and experience Why authentication matters and how it can help solve for the changing payment landscape 2 Visa Consumer Authentication Service 2017

3 Positive growth vs negative growth Fraud detection in the CNP space is as much about declined sales as it is avoiding fraud 24% 20% 19% Growth in CNP approved sales 1 Growth in CNP declined sales 1 Growth in CNP fraud 1 1. Excludes insufficient funds and issuer/switch inoperative declines Source:global ecommerce purchases for the year ending in CY17. YoY growth based on CY17 vs CY16. Sales 3 based on VisaNet authorization data. Fraud based on issuer reported TC40 (including transactions which were not processed on VisaNet)

4 Challenges by Numbers Identity verification is the top challenge facing issuers and merchants 1 43% of ecommerce transactions per month on average are fraudulent attempts 1 1. LexisNexis. The 2017 True Cost of Fraud Report Mastercard. January through November 2017 Data, across all card types Federal Reserve Payments Study: Annual Supplement x Card not present fraud is 4x higher than that of card present 2 98% 83% Physical Approval Rate 2 Digital Approval Rate 2 44% 59% of the total value of payments is Card Not Present 3 of the card fraud value is Card Not Present 3

5 Increased barriers hurt both merchants and issuers. Cardholders who are declined usually take the two paths of least resistance: Select another card in the wallet Purchase elsewhere 5

6 When False Declines Happen, Everybody Loses In reality, both the issuer and the merchant share responsibility. Merchants Issuers What can we all do to fix this problem? 6

7 How do we navigate the changing payment space? 7

8 We Focus We need to be aware of the market forces driving changes and know how to adapt to them Identify Challenges Understand Changes Establish Strategy 8 - Increasing fraud - Increasing false declines - Consumer experience in digital shopping - PSD2 - EMV 3DS - Bank mandates - Network mandates - Adapt 3DS to the changing landscape - Adhere to regulations - 3DS Authentication can help solve for these market forces and increasing regulatory requirements

9 Adhering to the changing times Network Rules/Security standard Mastercard EU and PSD2 Acquirers, Issuers and Merchants must support Identity Check, and be able to request SCA in the EU (or an approved product). India Mandate: Regulatory Rule, Reserve Bank of India (RBI) Regional Mandate/Regulatory Guidelines All ecommerce transactions (including mail order/telephone order and interactive voice response) are required to support Two-Factor Authentication (3DS complies). EBA for the EEA PSD2 effective September 14, 2019 requires all remote commerce payments to have SCA performed, unless exemption requested 9 1. Mastercard network bulletins, April-July 2018, PSD2 RTS, Nov 27, 2017

10 We Innovate. Networks, vendors, merchants and issuers will support new authentication capabilities and features 10

11 The Players Behind EMV 3-D Secure EMVCo protocol owner Providers Customers Merchants Issuers Networks Fraudsters 11

12 Evolution of 3DS The method in which consumers shop has changed and authentication technology must adapt Improved User Experience 3-D Secure 1.0 EMV 3-D Secure - Capable of integration with the merchant experience limited expanded - Removal of activation during shopping - Reduce the number of messages required More Data for Authentication and Security 3-D Secure 1.0 EMV 3-D Secure - Payment-related data limited expanded - Non-payment related data - Support for new and future authentication methods 12 Flexible Device and Channel Support 3-D Secure 1.0 EMV 3-D Secure - Browser-based authentication support - Mobile/application-based authentication support - Digital wallet, non-payment-based authentication

13 Evolution of Authentication Strategy The Ecosystem is Moving Towards Dynamic, Risk-Based Authentication Sophisticated data-driven authentication Multiple integration points into authorization Shared decisioning across the network Consumer friendly challenge methods, focus on biometrics Device agnostic across browser, in-app and future IoT 13

14 EMV 3DS-Payment authentication, evolved An enhanced protocol to meet changing digital shopping behaviors Screen images for illustrative purposes only.. 14

15 EMV 3-D Secure Why it works A huge increase tenfold in data exchange between stakeholders can empower speedy, secure authentication. 15

16 The power of data will Bridge the traditional gap Linking authentication to authorization Merchants Issuers Analyzing, and sharing data from both sides of the transaction 16

17 Issuer Perspective on EMV 3DS - Reduces false-declines with improved risk-based authentication - Continuously updates cardholder profile and transaction behavior for current and future risk assessment - With more contextual information associated with the transaction and the merchant, issuers can make better risk decisions and control fraud loss - With additional data elements available to the issuers, most transactions are authenticated with no consumer friction so the consumer experience improves - High-risk transactions are challenged with seamless dynamic authentication methods such as one-time passcode, biometric, etc. 17

18 Strategy & Benefits of EMV 3DS Starts with features of the 3DS Server Leverage Data Real-time collection Data validation per protocol Reporting & Analytics BIN Detection Flexibility Protocol routing between 1.0 & 2.0 Enables 2.0-like experiences now Risk Control Rules management Seamless consumer experience More authenticated orders Regional mandates/requirement support (future: PSD2) MPI/3DS Server Performance Authentication speeds BIN Intelligence & Monitoring Post-Launch Authorization & Fraud Analysis 18

19 How Data Collaboration Helps Everyone Only the riskiest transactions (typically <5%) are stepped up for cardholder verification Merchant submits transaction for authorization with flag indicating authentication result Step-up NOT Required (Majority) Consumer Merchant 3D-Secure Issuer Decline Transaction OR Prompt for Cardholder Challenge Step-up Required (Small %) Challenges in 2.0 should be trusted, and not considered bad 19

20 3-D Secure 1.0 / EMV 3-D Secure MPI will take inventory of protocol version(s) supported by issuer BIN and package messages Two separate, distinct protocols that will co-exist independently in parallel supporting both protocols will maximize authentication opportunity 3DS 1.0 Message Package 1.0 Network Directory Server 1.0 Issuer Access Control Server (ACS) Merchant Plug-in (MPI) / 3DS Server EMV 3DS Message Package 2.x Network Directory Server 2.0 Issuer Access Control Server (ACS)

21 Timelines to EMV 3DS Key Dates to Remember now, through 2020 OCT 2018 NOV 2018 APR 2019 AUG 2019 SEPT 2019 APR 2020 American Express enrollment available globally Visa EU Activation Mastercard Requirement PSD2 SCA for EU Mastercard RBA Service is available globally¹ Visa NA/LAC/CAN Activation Visa AP/CEMEA Activation Unless issuer choses to Opt-out. / LAC cannot opt-out, Regulated Countries are excluded.

22 22 Authentication Matters Because

23 Implementing an Authentication Strategy How authentication impacts key performance Increase approvals +6% Increase approvals when transactions are fully authenticated 1 Stronger authentication can help balance an optimized user experience with reduced fraud Reduce Fraud <8BPS Lower digital fraud when dynamic authentication is used Mastercard Q1-Q3 data, across all card types, 2016 and Discover Financial Services, Data Analytics Feb-July 2018, US Volume (8%) 2 Mastercard, SecureCode Cardholder Verification Method (CVM) Fraud Study, 2013

24 Get Started Today Evaluate your markets Know your requirements Trust your partners and vendors Tailor your authentication strategy to your business goals Go to market with a solution and continuously measure results 24

25 25 Questions?

26 Thank You! Maggie Bodak Sr. Product Delivery Manager CardinalCommerce Corp, a Visa Company 26