"Online retailers are very vulnerable to credit card fraud, especially if they're selling virtual goods such as vouchers or software, or anything they have to ship rapidly," says PayGate MD Peter Harvey. "If the cardholder later claims the details were stolen and requests a chargeback, the merchant has to swallow the loss."
By making cardholders enter an extra password or one-time PIN before they can complete a purchase, '3-D' protects merchants. "This gives online retailers the same protection a physical store enjoys when customers have to enter the PIN at the till. Moreover, it is free so every online merchant should be using it."
What is holding some people back is the fear of lost sales. "Even though 3-D Secure has been around for a while, it still results in 15-20% lower sales. That obviously includes fraudsters who had to abandon their attempts, so part of it is good news. However, even a 5-10% loss of genuine sales hurts.
"When customers abandon a purchase at the last hurdle, it is often because they are not very familiar with 3-D Secure and the sudden introduction of a new step in the process makes them suspicious. The best way to combat confusion is with better information.
"Every online retailer should have a clear Help section that is easily accessible from their checkout pages that explains exactly how 3-D Secure works and why it is a good idea. A couple of lines of text explaining what will happen when your customer hits the Purchase button is also a good idea. If you provide a clear map that makes the process predictable, people are much less likely to lose trust."
He admits the task would be easier if the banks did not all implement 3-D slightly differently. "Some of your customers will be asked for a predefined password, others will be sent a one-time PIN. But so long as you acknowledge and explain what's going on, you can help to overcome the hurdle."
Merchants should take care to ensure their explanations are written in clear English that is easy to understand. "Avoid the technical jargon like 'authentication' and 'issuing bank' - an explanation that leaves people more confused just makes things worse," he concludes.
