One of the best ways to help do that is to ensure you run the 3DS Method URL on every EMV 3DS transaction.
Method URL is a concept in the EMV 3DS protocol that allows an issuing bank to obtain additional browser information at the start of the authentication session to help facilitate risk-based authentication.
–Method URL is a scripting call executed BY the merchant ON BEHALF OF the issuer.
–If Method URL is requested by an issuer, it is mandatory for a merchant to run it on their behalf.
–When the checkout is taking place, the merchant must run the Method URL script, allowing the issuer to collect a rich set of data elements such as device, IP, and other fields that could be used in models and rules.
–If an issuer chooses to run Method URL, but the merchant is not allowing it to complete or run properly, the merchant and issuers could experience negative or unexpected results from the new protocol - such as higher step-up rates or authentication failures. According to Cardinal data, up to a 20% increase in challenge rates and 4% authentication failures¹. Now that’s something to think about!
We all know that EMV 3DS delivers 10x more data than the earlier protocol, which helps in better authentication decisioning, improved authorization rates, and fewer false declines. But what is often overlooked is the capability of Method URL. In 3DS 1.0, the dataset that merchants could pass in was extremely limited.
How did this affect merchants and issuers, and what’s the solution?
–Issuers had very little insight into who the consumer was. This made it hard for them to make an authentication decision without challenging the consumer and creating friction. Like merchants, issuers want a good user experience so that a cardholder continues to use their card at checkout - but this requires insight into the purchase data. As a result, some sophisticated issuers and ACS providers worked hard to use whatever tools were available to them to gain additional insight without disturbing the consumer experience.
–Merchants tried to find ways to share this additional data with issuers and ACSs - if it meant higher authentication rates and fewer challenges.
–The problem with both situations was HOW this information was being captured, WHERE it was happening within a transaction, and WHAT the results were.
–Method URL makes this experience more standardized and predictable, while providing the benefit of additional data sharing within the authentication flow. It presents the opportunity for a consistent window within the transaction flow where issuers can capture additional data for risk-based decisioning.
So, what can you do and how can merchants and issuers ensure they are getting the most out of their EMV 3DS protocol?
–An issuer should ensure their ACS is taking advantage of this capability. Most ACSs will be able to provide you with performance data to show what an issuer can expect from their models and platforms, as well as what data will be available to the issuer for risk-based decisions.
–Merchants should run Method URL, and make sure they are doing so correctly. The best 3DS providers know how to help their clients properly run Method URL and how to do so in the most seamless way possible with the least impact on the customer experience.
At Cardinal, we offer Device Data Collection, which allows us to collect the EMV 3DS required browser data elements to make the EMV 3DS request and invoke Method URL, if available. We also have a Best Practices Guide for our clients to ensure their Method URL is optimized. Issuers receive the data they need to make better decisions, helping to minimize friction and lower challenges and false declines, for an enhanced customer experience.
Want to learn more? Let’s talk.
¹ CardinalCommerce data, July 2021
EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC
EMV 3DS can help manage PSD2 SCA’s exemptions. See if they’ll work for you.
At Cardinal, our 2020 resolution is all about building our existing capabilities and expanding our reach in the latest protocols. See what we've got planned for 2020.
Learn how authentication affects Card-not-Present authorization rates and key statistics on fraud in the clothing and footwear industry.
Authentication is core to payment processing in Europe, so if your digital transactions are not authenticated, you will be expected to implement a solution before your business is impacted.
You'll be the first to hear about new products, features, and company updates.