Why does my business need to collect more customer data when 3DS2 implemented?

In total there are 135 data elements that can currently be captured as part of the 3DS2 protocol including device or browser data, customer billing and contact details, and many other optional data elements.

The quality and accuracy of the data you provide can directly influence the likelihood of your customers being authenticated in a frictionless manner at your checkout. Visa analysis shows that, for example, the addition of just one of those data points – device ID information – improves fraud detection rates by 200%+.

These new required and optional data elements are used by the Issuer’s fraud engine to determine the risk of each transaction. Where risk is assessed as low, the Issuer may apply the TRA (Transaction Risk Analysis) exemption to the transaction avoiding a cardholder authentication challenge.

Where the risk is assessed as high, an authentication challenge will need to be completed by the cardholder. The authentication challenge can come in several forms, at the Issuer’s discretion, but the most common implementation is likely via an OTP (one-time passcode) sent by the Issuer to the cardholder’s mobile number that must be entered to confirm authentication. This scenario may occur, for example, because there is not enough data or the data doesn’t match what the Issuer is expecting. For the best cardholder experience it is important you capture and send as much good data as you can.

Since the introduction of a risk-based approach to authentication, Visa has published that there has been a 70% reduction in abandonment rates and at the same time fraud rates have fallen, indicating that risk-based assessments are an effective tool to detect and prevent fraud.