When talking about online payments, the first red flag that comes to mind is fraud. But there is another threat that is being overlooked. That being cart abandonment rate, which is causing headaches for both merchants and issuers. The first version of the 3D Secure protocol lacked in the user experience segment, making the cardholders suspicious when processing their payments, thus abandoning their purchases. Let's see how Risk-Based Authentication tackled this issue and eliminated friction which was the leading cause for increased cart abandonment rates.
Cart abandonment rate is a common KPI for measuring the performance of your web store. It indicates how many customers added an item to your web store shopping cart but never finalized the purchase.
In other words, it showcases the rate of customers who showed interest in a particular product/service by adding it to the cart but left without making the purchase compared to the total number of completed transactions.
Industry benchmark based on a number of studies states that the average cart abandonment rate is 69.80%. An abandonment rate greater than the industry benchmark is due to a variety of reasons. Some of them being shipping costs, required sign-up, limited payment options, or checkout processes that are hard to follow.
By tracking their cart abandonment rates, merchants can better understand how their customers behave during their online shopping experience. Also, it is a helpful tool for determining why visitors are not converting into customers.
Security threats in the online payments environment are as real as they get. But the simple truth is that most cardholders did not encounter such unpleasant situations. From their perspective, additional security layers are an inconvenience during the checkout process. They make the cardholder abandon the purchase because of long checkout time or unfamiliarity with the screens. The first version of the 3D Secure protocol provided sufficient security. Still, it does not consider the user experience, especially when discussing mobile versions of the web stores. Simply because the protocol was introduced long before such channels of eCommerce stepped to the scene.
This resulted in a spike in cart abandonment rates. The cardholders had to deal with more friction in order to process a single payment, although that meant a more secured transaction. From the cardholder's perspective, heightened security measures were seen as irritating rather than looked positively upon.
Luckily, the newest version of the protocol, 3D Secure 2, introduced Risk-Based Authentication, enabling frictionless transactions while further improving the payment's security.
Risk-Based Authentication calculates the level of risk for a particular transaction. Upon scoring the transaction as either high, medium, or low risk, the cardholder follows additional authentication steps if needed. It is a dynamic, parameter-driven system that appoints an appropriate authentication method according to an individual transaction's risk score.
Some of the mentioned parameters include the device, location, network, transaction amount, number of transactions, delivery address, behavioral history, new or existing customer, and more.
To better understand how Risk-Based Authentication works, let's use a real-life example. Suppose a new customer is processing a purchase. In that case, the system detects that there is no previous transaction history in connection to the card. The cardholder will likely be challenged in the form of an additional authentication method. However, suppose an existing customer is processing a transaction with an, e.g., known device, and the transaction is within the transaction amount average. In that case, the cardholder is not asked for any additional authentication, and a frictionless transaction will be processed.
Risk-Based Authentication promotes the so-called frictionless transactions; i.e., a transaction that does not require additional authentication on the cardholder side because the transaction is low risk. It allows issuers to approve a transaction without interacting with the cardholder. By eliminating friction, the user experience is automatically better.
A complete flow, enabled because of Risk-Based Authentication, is the following:
Benefits for the cardholders are obvious, a secured transaction with minimum effort regarding authenticating themselves. But the business benefit for merchants lies in reduced cart abandonment rates caused by reduced friction during the processing of online payments. It allows merchants to protect themselves and their customers from fraud while increasing revenue and customer satisfaction due to the frictionless experience enabled by Risk-Based Authentication.
As of right now, issuers are not confident in granting frictionless transactions, i.e., transactions that do not require additional authentication. The reason being is the fact that the issuing banks are the ones who take the liability in case of a fraud attempt. However, risk scoring services are acquiring more and more data by the minute and working on AI data analytics. That data applies to that same data in order to create and analyze customer profiles. This will result in detecting even the smallest deviations from the standard profile and the issuer can step in with SCA to confirm the authenticity of the cardholder.