In 2023, credit card chargebacks cost U.S. businesses an estimated $243 billion. The primary driver of credit card chargebacks is friendly fraud, accounting for up to 75% of all chargebacks. A smaller but significant percentage of chargebacks are caused by stolen credit card numbers. 3D Secure (3DS) can reduce both by verifying that the purchaser is an authorized cardholder.
Fraud liability in typical card payments
Without 3DS, the payment provider transmits payment details to the card issuer (e.g. Bank of America, Capital One) via the card network (e.g. Mastercard, Visa).
If funds are available and all provided data is acceptable, the card issuer authorizes the payment. The authorization is transmitted through the card network to the payment provider, who notifies the merchant and end customer that the payment is authorized.
If sufficient funds aren’t available or if the provided data isn’t accepted (e.g. an incorrect zip code), the issuer declines the payment and assigns a decline code specifying the reason for the decline. The decline code is transmitted through the card network to the payment provider, who notifies the merchant and end customer that the payment was declined.
Who’s liable for chargebacks?
In the case of in-store purchase, merchants aren’t liable for fraud related chargebacks as long as EMV cards are captured by dip or tap. However, if the EMV chip is bypassed by swiping the magnetic strip, the merchant is liable for fraud related chargebacks.
In the case of online purchases, merchants are liable for fraud related chargebacks due to the payment taking place in a card-not-present environment.
How 3DS reduces fraud
3DS is an extra layer of authentication for card-not-present payments to verify that the payer is an authorized cardholder. For example, the issuing bank might send a text message or push notification to the authorized cardholder’s mobile phone, alerting the cardholder to the payment attempt and requesting confirmation that the authorized cardholder is the person initiating the payment.
When a customer makes a purchase and 3DS is enabled:
- The payment provider includes a 3DS verification request with the payment details in the transmission to the card networks.
- If sufficient funds are available and all provided data is acceptable, the issuer looks up the card to determine if it’s enrolled in 3DS.
- If the card is enrolled in 3DS, the issuing bank initiates an authentication flow. Depending on payment risk, the authentication flow may require the customer to verify their identity with biometrics, push notification, or a dynamically generated one-time password.
- Upon successful authentication, the issuing bank authorizes the payment.
If sufficient funds are available and all provided data is acceptable but the card is not enrolled in 3DS, the merchant receives a notification and must decide if they want to proceed without 3DS or cancel the payment flow.
Learn more about the 3DS authentication flow
Liability shift
For payments that successfully pass the issuing bank’s 3DS authentication flow, the issuing bank takes on liability for chargebacks due to fraud.
Thank you for implementing 3DS! We experienced three potentially fraudulent transactions from one customer. The first resulted in a $1,794 chargeback due to fraud. The payer attempted the transaction multiple times with different cards before it was approved. However, the other two transactions were protected by 3DS and could not be charged back as fraudulent. Without 3DS, the total potential loss from these transactions could have been $5,382. 3DS saved us $3,588 that we know about. We’ll certainly be using it going forward to protect against fraud losses, and we recommend other towing companies do the same
– Chrissy Walls, Office Manager Mike’s Towing & Recovery Inc, a RoadSync customer
Merchants are still liable for other chargebacks (e.g. due to non-delivery) and for fraud related chargebacks if 3DS authentication fails.
Who should use 3DS?
While any merchant can use 3DS, a percentage of payments will require the end customer to authenticate. This creates additional friction in the checkout process and has the potential to increase cart abandonment rates.
The merchants who benefit the most from 3DS are those in industries with higher rates of chargebacks due to fraud. Merchants selling high-ticket consumer goods that can quickly and easily be sold for cash, such as electronics and tires, are often targeted by bad actors trying to convert stolen credit card numbers into cash. These merchants are ideal candidates for 3DS.
Merchants with high rates of friendly fraud can also use 3DS to combat fraud related chargebacks. This can significantly reduce overall fraud losses, but merchants will still be liable for other types of chargebacks. These merchants will get the best results with a holistic approach to fraud reduction that includes 3DS, collecting additional information at the time of payment, implementing efficient internal processes for responding to chargebacks with the appropriate supporting documentation, and working with a payment provider that makes it easy to respond to chargebacks quickly.
Learn more about types of credit card fraud here.
Implementing 3DS
We’ve embedded 3D Secure into our product so platforms can add and manage it with minimal code.
We love integrating with Rainforest — their component library made the work easier than estimated and gave us back valuable time to ship additional features for our customers!
– Whitney Weaver, Chief Technology Officer at RoadSync
Read more about 3DS implementation
Read more here:
