Passwordless authentication platforms can plug into the 3D Secure 2 protocol to give online merchants one of the strongest real-time fraud prevention systems available today while preserving convenience and conversion rates. An added benefit of 3D Secure 2 is that authenticated transactions qualify for the card schemes' liability shift, which moves fraud chargeback liability from the merchant to the issuer.
3D Secure 2 - Strong Customer Authentication with Higher Conversions
The Three-Domain Secure 2 (3DS2) protocol was developed to minimize friction at checkout for both consumer and merchant while still meeting strong customer authentication (SCA) requirements. Under the EU's Revised Payment Services Directive (PSD2), strong customer authentication requires that at least two of three independent factors be used to confirm the identity of the purchaser.
Those factors are: 1) something only the customer knows (knowledge), such as a password or PIN; 2) something only the customer possesses (possession), such as a mobile phone or a security token; and 3) something the customer is (inherence), such as a fingerprint or face scan. PSD2's technical standards also require the factors to be independent, so that a breach of one does not compromise the others.
When 3D Secure was first introduced, it redirected the customer to their bank's page, where they had to enter a static password or a code to authenticate the payment. This extra step added friction to the checkout process and resulted in higher cart abandonment and lower conversion rates.
3D Secure 2 addresses this by removing the redirect and the password. The merchant's checkout passes the issuer a much richer set of data (device and browser details, shipping and billing information, account history), which the issuer uses to assess the risk of the transaction. Low-risk transactions are approved in a frictionless flow the customer never sees; if the transaction is deemed risky, the issuer challenges the cardholder in-line, in an iframe or the merchant's app, typically with a one-time code or a biometric, before the transaction can be processed.
PSD2 also exempts certain transactions from SCA, such as low-value payments (under EUR 30) and subsequent payments in a fixed recurring series, and 3D Secure 2 lets the merchant or acquirer request these exemptions, which further reduces friction at checkout.
Shifting Chargeback Liability from Merchant to Banks
By authenticating payments with 3D Secure 2, a merchant shifts liability for fraud chargebacks to the customer's card issuer instead of carrying it themselves. The shift covers chargebacks where the cardholder claims the transaction was not authorized; disputes about the goods or service itself, such as non-delivery or items not as described, are not covered. While the benefits of 3D Secure 2 for merchants are clear, there are limitations to consider.
For example, transactions that went through on an SCA exemption rather than an authentication are not covered by the liability shift. Another case is a merchant whose fraud rate has placed it in a card scheme's fraud monitoring program, which can lose the liability shift as a result.
Use Case 2: Crypto Exchanges & Digital Wallets
Securing your digital wallet with a password alone is like leaving the combination to your safe on a Post-it note on the door. With crypto-related fraud up 1,000% since fall 2019, adding real-time fraud prevention measures such as passwordless authentication and transaction confirmation to digital wallets and crypto exchanges has never been more important.
Passwordless authentication platforms can help crypto exchanges and digital wallets maximize their users' security, improve the user experience, and meet new regulatory requirements.
An effective way for crypto exchanges and digital wallets to increase conversion is to align with what users prioritize. Exchanges and wallets that process transactions quickly, offer a user-friendly UX, and use a low-friction but secure authentication process see higher retention and conversion rates.
The problem is that most crypto exchanges and digital wallets use authentication methods that fail to address these priorities, and many still require users to type in one-time passcodes by hand.
Passwordless authentication platforms like LoginID's make authentication simple and secure by requiring only the face scan or fingerprint that is native to the user's device. What sets LoginID's platform apart is that it is built on the FIDO2 standards and is supported by nearly all major operating systems and browsers.
Highly Secure WebAuthn & Social Engineering Fraud Prevention
LoginID's passwordless authentication platform is built on FIDO2, which combines the W3C Web Authentication (WebAuthn) standard with the FIDO Alliance's Client to Authenticator Protocol (CTAP). WebAuthn replaces passwords with public-key credentials: at login the browser asks the device's authenticator to sign a server-issued challenge with a private key that never leaves the device, and the fingerprint or face scan only unlocks that key locally; the biometric itself is never sent to the server. Crypto exchanges and digital wallets can implement LoginID's WebAuthn solution to strengthen fraud prevention without compromising usability.
A common way crypto exchange and digital wallet accounts are taken over is the social engineering attack known as SIM swapping. The fraudster tricks the victim's mobile carrier into moving the phone number to a SIM card they control. From then on they receive the one-time passwords sent by SMS and can use them to reset the password or pass two-step verification and get into the user's wallet.
The underlying weakness is treating a phone number as a possession factor when the carrier can reassign it on request. FIDO2 passwordless authentication takes SIM swapping out of the picture: there is no SMS code to intercept, because the credential is a private key held on the user's device and scoped to the site's origin. A fraudster would need physical possession of the device and would then still have to pass its fingerprint or face check to use the key; the same origin binding means the credential also cannot be used from a look-alike phishing site.
Transaction Confirmation with Digital Signature
For an added layer of security, crypto exchanges and digital wallets can implement LoginID's transaction confirmation with digital signature. Whenever a user wants to transfer crypto, they are prompted for their biometric to digitally sign the transaction, producing a signed record of every transfer that doubles as a real-time fraud prevention control. For this to be meaningful, the signed challenge must be bound to the transaction details (amount and destination), so that the signature authorizes that transfer and nothing else; a fraudster who has taken over the account's password or session still cannot move funds without the device and the biometric that unlocks it.
Use Case 3: FinTech & Open Banking
The reasons for real-time fraud prevention in financial services are obvious: access to money is the end goal of every fraudster. With fintech a prime target, implementing FIDO2 passwordless authentication to protect customers should be a no-brainer.
The financial industry is one of the most strictly regulated industries globally. Rigid legal frameworks and strict requirements have been imposed by policymakers on private sector actors around the world.
There is a global trend towards open banking, and both regulators and financial institutions are taking active notice. A massive opportunity for fintech lies in its growth: open banking lets fintech companies innovate and prosper in the space and gives customers more control over their data. However, this opportunity depends on having effective real-time fraud prevention measures and secure, convenient passwordless authentication in place.
Meeting Regulatory Requirements
LoginID's FIDO2 passwordless authentication solution is aligned with the EU's General Data Protection Regulation (GDPR). The FIDO2 standards were designed with privacy in mind: the biometric never leaves the user's device, and each credential is unique to the site it was registered with, so credentials cannot be used to correlate a user across services. These properties help fintech companies meet the data protection requirements set out by GDPR.
High Security Standards for Real Time Fraud Prevention
PSD2 requires that no unauthorized party can access any factor used in the strong customer authentication process. With FIDO2 passwordless authentication, the biometric template is stored and matched inside the device's secure hardware (for example Apple's Secure Enclave, Android's TEE or StrongBox, or the TPM behind Windows Hello), and the credential's private key is protected the same way. Even if the device is stolen, neither the template nor the key can be extracted, and the thief still has to pass the biometric or PIN check to use it. How strong that protection is depends on the authenticator, which a relying party can verify through FIDO attestation at registration.
PSD2 also requires dynamic linking: when a payer authenticates a payment, the authentication code must be specific to the amount and the payee, and both must be shown to the payer for confirmation, so that a disputed transaction can be traced to the customer's explicit approval. Transaction confirmation with digital signature, described above, is designed to meet this requirement by having the user sign the details of each transaction.
LoginID is a comprehensive FIDO2 passwordless authentication platform built with both developers and enterprises in mind. Based on FIDO2's public-key cryptography, it is easy to integrate, cost-effective, and aligned with PSD2, GDPR, HIPAA, and CCPA.
LoginID offers several simple to use APIs and SDKs, view our documentation here.