UK Finance's 2020 Fraud Report highlighted that remote purchase fraud, also known as card-not-present (CNP) fraud was the most common form of payment card fraud in the UK. A remote purchase transaction is made where the cardholder is not there in person and this type of fraud occurs when a criminal uses stolen card details to buy something on the internet, over the phone or through mail order. It was responsible for losses of over £470 million in 2019 alone of which over £359 million was e-commerce.

Victims of unauthorised payment card fraud are legally protected against losses, and we can see from the 2020 Fraud Report that card issuers refunded the customer in 98 per cent of cases. However, the picture does not look as rosy for merchants in the e-commerce space. Depending on the speed with which the fraud is identified, merchants may be able to prevent the shipping of goods. However, if they are unable to prevent shipping, responsibility for losses depends on whether or not they used the 3D-Secure (3DS) process. If they did, then liability for the loss sits with the card issuer and the merchant can utilise the chargeback liability shift. If they did not, the merchant must foot the bill for the loss.

Yet historically the 3DS process has not been embraced universally by merchants with approximately 35 per cent of traffic in the UK coming through the 3DS channel in 2019. The main reason for this is that it allows the card issuer to risk assess the transaction. If the transaction is seen as having a degree of associated risk, the issuer can apply some form of authentication to validate the card user. For the merchant this may be a problem, as the fate of their sale is in the hands of the issuer's risk tolerance. There are some notable e-commerce merchants that have never embraced 3D-Secure version 1 as a result of the potential for friction and therefore transaction abandonment.  

Step forward EMV 3DS (the second version of 3DS), which has been designed to address some of the merchant's concerns with 3DS. This includes improving the risk decision with more data, new payment methods, new channels for payments and a better user experience. Importantly, it also provides the possibility for merchants to overrule the outcome of the EMV 3DS decision and retake the liability for the transaction where necessary. In a world where PSD2 and Strong Customer Authentication is mandated, EMV 3DS gives merchants the tools to be flexible and compliant at the same time. Learn more about EMV 3DS, PSD2 and more in RSA's Bitesize Briefings.

The Future of Payments Infrastructure - Digital Innovation Summit, 2-20 November

The Covid-19 pandemic has had a dramatic and irrevocable effect on how customers in the UK, and abroad, conduct their payments. This in-depth panel discussion reviews the effects the pandemic has had on the payment's ecosystem, how it has forced innovation, and what the next steps might be for payments, both at home and abroad.

Learn more about the Payments Tech stream at the Digital Innovation Summit, here.