woman buying online with smart interface emv 3ds and behavioral biometrics

Why should you need a security tool on top of EMV 3DS?

Julie Conroy, research director at Aite Group said it best “A technology that authenticates the end user in parallel with authorization, can save organizational costs and increase transaction approval rates for merchants.”

This article summarizes our conversations during our EMV 3DS webinar with NuData and Mastercard experts.

Full disclosure: yes, we offer a product that combines EMV 3DS with behavioral biometrics technology, so you can expect that we will recommend using a tool in addition to EMV 3DS, but we wouldn’t do it if we didn’t truly believe this is going to bring your revenue numbers up faster than you can say 3DS. Why? Read on.

Smart Interface for EMV 3DS Connection – A three-sided approach

We want merchants to take full advantage of the EMV 3DS flexibility with our three-sided approach: Smart Interface.

1. The NuData platform. NuData is a Mastercard company who understands the underlying intention of the user behind the device to answer questions such as “is that user legitimate or is she doing things that create a danger”?

2. The new protocol. A connection to the EMV 3DS protocol, which reduces friction and the improves user experience.

3. The customizable rules and policies engine. It makes it dead-easy for merchants to build their own rules, policies, and processes; aiding compliance and reducing manual reviews.

This solution is called Smart Interface.

How does behavioral biometrics verify users?

With the behavioral biometrics technology at checkout merchants can weed out automated attacks as well as humans impersonating good users, which may happen in the form of a human farm or an individual with a stack of credit cards.

The technology transparently and anonymously verifies inherent patterns such as how a user types, holds the device or moves across the environment. Just recently, we uncovered an attack after finding the bad actor had all iPhones lying flat or on their screen – it’s impossible to use an iPhone that is lying down so, with that information you can make smarter decisions. With this level of visibility, merchants can stop a transaction outright, before sending it down the new 3-D Secure protocol.

Regulated vs. non-regulated markets

Smart Interface has different benefits depending on whether the market is regulated (Europe, India…) or non-regulated (U.S.).

In non-regulated markets, making those intelligent-based decisions before sending a transaction through 3-D Secure can increase overall approvals, which is one of the core drivers of 3DS and behavioral biometrics. This is tied to the Data Only option of 3DS: the choice of sending a transaction directly to the issuer, outside of the 3DS authentication path. Merchants can do this when the behavioral biometrics technology at checkout tells them a transaction is trusted, and thus there is no need to send it through the 3DS path and risk a potential step up.

Why is Smart Interface better than the plain EMV 3DS in regulated markets?

Two words: Rules Engine.

Merchants (in any market) can build custom rules, models or policies with a powerful structure to reference all the historical data from a user to ask any question that comes to mind. For example, merchants can set up rules to route their customers one way or another depending on a myriad of settings, signals, data points or a combination of the three. This is useful for merchants in non-regulated markets but especially helpful for those in regulated markets. 

The rules engine allows to build automated processes around the different exemptions and build intelligent decisions to improve the user experience while remaining compliant.

For example, if a merchant within the PSD2 jurisdiction doesn’t want to send a transaction through authentication because it falls within the exemption parameters (i.e., a transaction is lower than 30€), they can have rules to automatically drive how a transaction is channeled. With the Smart Interface rules engine, merchants can quickly adapt to any regulatory changes without waiting months to see a change.

What does that mean for the user?

A user who is interacting in the purchase page will click Buy and their data will be gathered and sent to the NuData platform – hosted in the required region, so it stays within that region. Once the data is analyzed in real time and the transaction authorized, the customer will see the purchase confirmation.

How does EMV 3DS enrich the verification process?

The 150 fields, including a set of optional data fields, push extra data downstream that help issuers do their job better. Just think of issuers before EMV 3DS, having to make an authorization decision based on a name, an address, and a credit card number; it’s incredibly difficult to make an accurate assessment with the mere 10 data points shared with the old 3DS. Now, the 150 data fields allow banks and issuers more intelligence to make smarter decisions.

Merchants know their customers more than anyone else; now, they have the chance to share much of their knowledge on a user with the issuer to influence their decision. Merchants and issuers can answer questions like, has this person placed 15 orders in the past five days? Does this transaction come from a spoofed device? Are they removing the device and trying to hit an API directly? This intelligence can evaluate without you having to spend your time or pulling data from different places; it’s all streamlined.

Where does Smart Interface fit EMV 3DS?

With one streamlined integration merchants can connect to Smart Interface. Our solution has client-side support to collect data from the browser, app, or IoT device and then send the data to the 3DS server. The server translates it into a 3DS message to send to the appropriate directory and connects to all the available networks – it’s brand agnostic.

How is this going to increase approvals?

Smart Interface, with behavioral biometrics and EMV 3DS, builds that channel between banks and merchants that merchants have been always asking for. These two have always been separated by a communication black hole that swallowed too many false declines. EMV 3DS is not designed to have friction on everyone, like its predecessor, but to make better decisions to decide who to interdict. In fact, 90% of transactions are forecasted to be authorized without requiring added friction.

Smart Interface will allow merchants to convert more transactions, expanding the users’ lifetime value and helping issuers have their cards on the top of the wallet. Everyone benefits from this new protocol by increasing revenue and improving the online ecosystem.