Security & Fraud

Zero Touch Authentication

Last year, more than $4 trillion worth of merchandise was lost to shopping cart abandonment, which hurts issuers and merchants alike. Nick Craig, VP of Sales for CA Technologies tells MPD CEO Karen Webster that the solution is something that sounds profoundly counterintuitive – zero touch authentication. And, its reduced shopping cart abandonment by 80 percent and failed transactions by 50 percent – with a zero percent increase in fraud. Find out how.

Facilitating secure transactions is critical in today’s eCommerce world, but what if those same security measures are hurting the shopping experience of customers?

Shopping cart abandonment is on the rise – often fueled by complicated checkout processes or card security issues – with research showing more than $4 trillion worth of merchandise will be left behind in online shopping carts in this year alone.

In a recent PYMNTS webinar — “Shopping Cart Abandonment: The Silent Revenue Killer”Nick Craig, VP of Sales for CA Technologies, spoke with MPD CEO Karen Webster about what’s creating that $4 trillion loss, and the methodology that issuers can implement to streamline the checkout process and win back some of that lost revenue, benefiting themselves, the merchants, and — by providing a better and more secure shopping experience — the customers.



Nick points out that the aforementioned $4 trillion worth of abandonment represents 63 percent of recoverable merchandise.

What’s causing it?

Poor user experience; limited payment types; and false-positive declines.

In addressing these challenges, the payment card issuer, says Nick, “is becoming an important part of the journey” — as much of one as the merchants themselves.

While shopping cart abandonment is certainly a central issue for merchants to tackle, Nick reminds the webinar attendees that behind every transaction is an issuing bank. And declining those transactions can not only negatively impact customer loyalty to the merchant, it can do the same with regards to the issuer and its front-of-wallet status.

With the shift to EMV in the U.S., online fraud will become a greater problem for issuers. Nick shares statistics from Javelin showing that 42 percent of false-positive declines — equal to about $7 billion to $8 billion in lost revenue — occur online, which is a much higher proportion of total false-positive instances.

New payment methods that are becoming available (Apple Pay, for instance) are adding different layers of complexity for the issuer. Stuck between the two options of approving those payments and taking on the associated risk or declining the transaction and risking losing customer loyalty, issuers need to close the gap.

It’s a “significant problem” for issuers, notes Nick — but also a “significant opportunity.”

He outlines the three areas of impact that issuers face in considering whether to accept or decline a transaction:

1. Financial  — affecting net interest income and interchange fees. This is “the most important” aspect to the bank, Nick observes.

2. Business — affecting customer loyalty. Here, Karen notes it’s interesting that in the case of a false-positive decline, the issuer gets blamed, not the merchant. And it’s the issuer who stands to lose customer confidence as a result.

3. Operational — affecting the cost of dealing with call volume. As false-positive declines increase, so, too does the volume of transactions of calls going into banks’ call centers — and that raises the cost on the issuer’s end.



Obviously, as Nick points out, no issuer is going to accept every transaction or decline every one. To navigate their decision-making process, they need to better understand the fraud landscape.

He shares information from a study that CA Technologies recently undertook on global cardholder behavior. One fact that the study bore out is that where cardholders shop is important for banks to identify.

With the range of fraud worldwide being stark — and frequently in flux (related to location and type) — Nick tells Karen that, for issuers, “Understanding the dynamic of transactions that are coming through, and where they are coming from, has a huge impact.”

The data that is essential in understanding that — such as geolocation, type of device being used and connection speed — is unavailable to banks that are using a traditional authorization stream.

Because worldwide fraud rates change very drastically, every day and every hour, manual intervention is “unlikely to be effective,” states Nick. A sophisticated analytics approach is essential for banks to pinpoint both genuine and suspicious activity.

3D Secure technology, notes Nick, is effective in this regard on two fronts.

First, with data analytics, he explains that “an issuer can get in front of the merchant and have a direct dialogue with the cardholder at the point of sale.” In that process, the issuer implanting 3D Secure can collect digital data to which banks normally lack access.

Secondly, real-time authentication allows the issuer (again, with a direct dialogue) to prove the identity of a cardholder without slowing down the transaction on their end, providing an improved customer experience without sacrificing security.

Nick iterates that educating the consumer about how they’re being protected is key in preventing them from opting out during an otherwise unfamiliar authentication procedure. It’s important for issuers, he tells Karen, not to “spring [new methods] on them” and assume that it won’t give the consumer pause.

Whether the consumer is shopping on a mobile device or any method (or methods) available through omnichannel — which is important not just for cardholder convenience, but also in that it’s difficult for fraudsters to replicate — it’s essential for the issuer to provide consumers, Nick tells Karen, with “consistency in [their] journey.”



In discussing with Karen CA Technologies’ method of zero touch authentication, Nick describes the 3 types of cardholder journeys —or “flows” — that are associated with the latest in 3D Secure risk-based authentication:

1. No Challenge: The transaction is authenticated and goes through.

2. Higher Risk: This refers to “a few percent” of transactions, says Nick — “perhaps 5 to 10 [percent], depending on what the issuing bank is trying to achieve.” Here, a specific method of identity authentication that is most convenient for the cardholder is chosen. It’s not a “one size fits all” approach.

3. Decline: These are transactions that are “so obviously fraud,” remarks Nick, “they stand out like a sore thumb.” They are not even worth challenging with any form of identity, and are best for issuers to stop in their tracks.

Risk-based authentication, Nick explains, provides significant benefits for users running 3D Secure. It more than doubles the average shopping value and increases shopping frequency; improves customer satisfaction by eliminating registration and creating frictionless shopping; and increases revenue from interchange and interest income on previously lost transactions.

Concurrently, zero touch authentication reduces transaction costs (by challenging only a small number of high-risk transactions), fraud expenses (due to patented authentication models and real-time rules) and operational costs (in that it reduces inbound call volume to call center by avoiding shopping cart abandonments).

Nick provides the example of a card-issuing bank that has moved from a traditional approach of challenging transactions on every occasion to zero touch authentication. That issuer saw an 80 percent reduction in abandonments (“almost overnight,” says Craig) and a 50 percent reduction in failed transactions — which, he notes, was achieved with a 0 percent increase in its fraud rates.

He discusses with Karen an additional case study of a bank that, in Nick’s words, “took it to the next level” with zero touch authentication, relying solely on analytics. That issuer saw its average transaction value increase 1.8 times, and its customers shopping frequency doubled.



As Karen and Nick wrap up the webinar, Nick provides a summary list of best practices for issuers:

1. Adopt a risk based approach to minimize the number of transactions where authentication is required, thus reducing abandonments significantly.

2. Deploy strong authentication to be reserved for high risk transactions for improved protection and improved cardholder experience.

3.  Allow the control of the risk strategies to target higher risk segments of the portfolio and to minimize impact of compromised cards.

4. Use consistent methods of challenge across channels to improve the user experience and prevent  treating 3D Secure in isolation.

5. Balance Authorization and Authentication strategies to ensure that outsort rate is optimized.

6.  Avoid a one size fits all approach to authentication, no single method of authentication will be convenient to all cardholders.

7. Ensure customer experienced is tailored to the cardholders device, with using device sensitive user experience.

Taking all of those into account, Nick concludes that while “methods of authentication are wide-ranging, mobile has emerged as a great tool for issuers to identify and authenticate cardholders” and optimize the customer experience.

Karen agrees, and shares her own concluding perspective that, while there is a need for education on the consumer side, the payments ecosystem as a whole can stand to learn the benefits of 3D Secure.

To view the webinar in its entirety, click here or see below.




New PYMNTS Study: Subscription Commerce Conversion Index – July 2020 

Staying home 24/7 has consumers turning to subscription services for both entertainment and their day-to-day needs. While that’s a great opportunity for providers, it also presents a challenge — 27.4 million consumers are looking to cancel their subscriptions because of friction and cost concerns. In the latest Subscription Commerce Conversion Index, PYMNTS reveals the five key features that can help companies keep subscribers loyal despite today’s challenging economic times.