The full guide to strong customer authentication (SCA)
In recent years we’ve seen giant leaps forward in fraud prevention (and abbreviations). We’re sure you’re sick of hearing about the holy trinity of risk management: 3D Secure (3DS), Strong Customer Authentication (SCA), and the Payment Services Directive 2 (PSD2). But while these tools are effective in protecting shoppers, they’re not entirely watertight. That’s why in this article, we’re going to highlight some of the tools we offer to Adyen merchants to keep the fraudsters at bay and your customers safe as houses.
Don’t panic. Here’s a handy overview and some further reading.
This is all great. We love it. But it’s the bare minimum of what’s legally required. We set our standards higher and want to make things even better. So here’s our Product Growth Lead Marinos to tell you a little bit more:
Marino Eltelbany, Risk Product Lead, Adyen
“With its adoption becoming more widespread, fraudsters see SCA as a barrier to overcome, a challenge. As Aristotle once said: 'The greatest crimes come from a desire for excess and not from necessity.'
“In their quest for further excess, fraudsters are finding new ways to attack your business. Some examples include MOTO, local payment methods, prepaid cards, and usage of non-EEA-issued credit cards.
“It's a common mistake to believe that two-factor authentication is a fraud-proof solution, as scenarios like social engineering, phishing attacks, and refund fraud are on the rise. This makes it particularly difficult for businesses to keep up with a properly balanced risk mitigation strategy without penalizing genuine shoppers, as the merchant fraud levels have now become more pivotal to their business than ever before.
“Most Adyen customers know that RevenueProtect can counter fraud scenarios. They don't realize that it also provides a holistic view of their customers' payment behavior. This gives businesses the unique opportunity to understand their customers' habits while maintaining a well-balanced approach.
“Adyen's approach is to offer businesses a smart & scalable fraud prevention strategy combined with SCA. Doing this will mitigate risk and ensure exemptions like Transaction Risk Analysis (TRA) are correctly applied."
To give you an idea of the differences between 3DS2 and RevenueProtect, their strengths and limitations, we compiled the below checklist:
The conclusion you can draw from this checklist? It pays to use 3DS2 with the added security of a comprehensive risk management tool.
We’ve covered fraud in other articles you can find at the bottom of the page. But for now, we’re going to focus on a couple of specific areas of note: Machine learning and Network Signals. These updates offer a combination of intelligent risk checks and a collective approach to defeating fraud.
Let’s face it, machine learning is an overused term. For the person on the street, it’s a blanket term to cloak all manner of algorithms, and in many contexts, those that stand to benefit from machine learning don’t know the rationale behind decisions made by it. Our focus is on transparency. Here are a couple of ways we do it:
Our hybrid setup
We use a combination of static rules and machine learning insights to determine and validate payments. Our explainable model provides clarity. This is instead of an interpretable model, which is a more opaque ‘it works, so why explain’ approach.
In layman’s terms, explainable models save time for you grasping the information and reduce training needs for your personnel. The result: You and your team can identify unique payments data and confidently use machine learning to make smart risk decisions.
At the same time, we enforce static risk checks. This means you save time and effort on risk management while maintaining control.
With Control Traffic we authorize a small segment of your total transactions, regardless of their risk score, and feed them into a separate data set. In the short term, you can optimize your risk profile by reducing false positives (transactions blocked without good reason) and increasing true positives (blocking transactions with good reason).
In the long term, we’ll continue to develop our machine learning capabilities to reduce your operational workload. We’ll combine existing and emerging machine learning approaches to help you identify and reduce both the rejection of legitimate and fraudulent payments. This brings us to Network Signals.
The first step of customer loyalty is to make sure their first purchase goes through without a hitch. But not at the cost of leaving the gate up for unwelcome fraudsters. We’re developing a solution that provides an anonymous data validation infrastructure, allowing opted-in merchants to help each other check critical information and assist them in differentiating legitimate shoppers from fraudsters. We don't share personal data (PII) between merchants, so only the relevant information is used.
By submitting this form, you acknowledge that you have reviewed the terms of our Privacy Statement and consent to the use of data in accordance therewith.