The 3DS Method URL – Why it’s crucial to the success of your authentication transactions

One of the best things you can do for your business is to optimize EMV® 3-D Secure to its fullest. Truth is, the more information you have, on both sides of the transaction, the more informed, better decisions you can make on every transaction. And isn’t that what we all want? To help lower false declines, increase good transactions, and improve the overall customer experience?

One of the best ways to help do that is to ensure you run the 3DS Method URL on every EMV 3DS transaction.

What is Method URL?

Method URL is a concept in the EMV 3DS protocol that allows an issuing bank to obtain additional browser information at the start of the authentication session to help facilitate risk-based authentication.

–Method URL is a scripting call executed BY the merchant ON BEHALF OF the issuer.

–If Method URL is requested by an issuer, it is mandatory for a merchant to run it on their behalf.

–When the checkout is taking place, the merchant must run the Method URL script, allowing the issuer to collect a rich set of data elements such as device, IP, and other fields that could be used in models and rules.

–If an issuer chooses to run Method URL, but the merchant is not allowing it to complete or run properly, the merchant and issuers could experience negative or unexpected results from the new protocol - such as higher step-up rates or authentication failures. According to Cardinal data, up to a 20% increase in challenge rates and 4% authentication failures¹. Now that’s something to think about!

What's the big deal?

We all know that EMV 3DS delivers 10x more data than the earlier protocol, which helps in better authentication decisioning, improved authorization rates, and fewer false declines. But what is often overlooked is the capability of Method URL. In 3DS 1.0, the dataset that merchants could pass in was extremely limited.

How did this affect merchants and issuers, and what’s the solution?

–Issuers had very little insight into who the consumer was. This made it hard for them to make an authentication decision without challenging the consumer and creating friction. Like merchants, issuers want a good user experience so that a cardholder continues to use their card at checkout - but this requires insight into the purchase data. As a result, some sophisticated issuers and ACS providers worked hard to use whatever tools were available to them to gain additional insight without disturbing the consumer experience.

–Merchants tried to find ways to share this additional data with issuers and ACSs - if it meant higher authentication rates and fewer challenges.

–The problem with both situations was HOW this information was being captured, WHERE it was happening within a transaction, and WHAT the results were.

–Method URL makes this experience more standardized and predictable, while providing the benefit of additional data sharing within the authentication flow. It presents the opportunity for a consistent window within the transaction flow where issuers can capture additional data for risk-based decisioning.

So, what can you do and how can merchants and issuers ensure they are getting the most out of their EMV 3DS protocol?

–An issuer should ensure their ACS is taking advantage of this capability. Most ACSs will be able to provide you with performance data to show what an issuer can expect from their models and platforms, as well as what data will be available to the issuer for risk-based decisions.

–Merchants should run Method URL, and make sure they are doing so correctly. The best 3DS providers know how to help their clients properly run Method URL and how to do so in the most seamless way possible with the least impact on the customer experience.

At Cardinal, we offer Device Data Collection, which allows us to collect the EMV 3DS required browser data elements to make the EMV 3DS request and invoke Method URL, if available. We also have a Best Practices Guide for our clients to ensure their Method URL is optimized. Issuers receive the data they need to make better decisions, helping to minimize friction and lower challenges and false declines, for an enhanced customer experience.

Want to learn more? Let’s talk.

¹ CardinalCommerce data, July 2021
EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC

Related news + trends

industry news

The latest version of EMV® 3-D Secure – a deeper dive

EMV 3DS can help manage PSD2 SCA’s exemptions. See if they’ll work for you.

read more
our stories

2020 What is happening and what is to come at Cardinal

At Cardinal, our 2020 resolution is all about building our existing capabilities and expanding our reach in the latest protocols. See what we've got planned for 2020.

read more
case study

Clothing and Footwear Benchmark

Learn how authentication affects Card-not-Present authorization rates and key statistics on fraud in the clothing and footwear industry.

read more
mandates

Is your shopping cart ready for PSD2 SCA?

Authentication is core to payment processing in Europe, so if your digital transactions are not authenticated, you will be expected to implement a solution before your business is impacted.

read more