Guides and reports

Risk management: 3D Secure 2, Strong Customer Authentication and what’s out there to protect your business

Fraud prevention has come a long way, but it always pays to stay two steps ahead. In this article, we’ll look at existing regulations and what we offer to protect your business.

October 11, 2021
 ·  5 minutes
Risk management: 3D Secure 2, Strong Customer Authentication and what’s out there to protect your business

In recent years we’ve seen giant leaps forward in fraud prevention (and abbreviations). We’re sure you’re sick of hearing about the holy trinity of risk management: 3D Secure(3DS), Strong Customer Authentication(SCA), and the Payment Services Directive 2 (PSD2). But while these tools are effective in protecting shoppers, they’re not entirely watertight. That’s why in this article, we’re going to highlight some of the tools we offer to Adyen merchants to keep the fraudsters at bay and your customers safe as houses.

Hang on. I don’t know anything about 3DS, SCA, and PSD2?

Don’t panic. Here’s a handy overview and some further reading.


A European regulation built to create a more open and secure payments landscape across Europe.

Learn more


A European requirement to make online payments more secure. Shoppers are prompted to authenticate with something they know, own or are.

Learn more


A new approach to authentication through a wider range of data and new authentication mechanisms.

Learn more

This is all great. We love it. But it’s the bare minimum of what’s legally required. We set our standards higher and want to make things even better. So here’s our Product Growth Lead Marinos to tell you a little bit more:

The Adyen view

Marino Eltelbany, Risk Product Lead, Adyen

Marino Eltelbany, Risk Product Lead, Adyen

With its adoption becoming more widespread, fraudsters see SCA as a barrier to overcome, a challenge. As Aristotle once said: ​​'The greatest crimes come from a desire for excess and not from necessity.'

“In their quest for further excess, fraudsters are finding new ways to attack your business. Some examples include MOTO, local payment methods, prepaid cards, and usage of non-EEA-issued credit cards.

“It's a common mistake to believe that two-factor authentication is a fraud-proof solution, as scenarios like social engineering, phishing attacks, and refund fraud are on the rise. This makes it particularly difficult for businesses to keep up with a properly balanced risk mitigation strategy without penalizing genuine shoppers, as the merchant fraud levels have now become more pivotal to their business than ever before.

Most Adyen customers know that RevenueProtect can counter fraud scenarios. They don't realize that it also provides a holistic view of their customers' payment behavior. This gives businesses the unique opportunity to understand their customers' habits while maintaining a well-balanced approach.

Adyen's approach is to offer businesses a smart & scalable fraud prevention strategy combined with SCA. Doing this will mitigate risk and ensure exemptions like Transaction Risk Analysis (TRA) are correctly applied."

Your checklist: The benefits of 3DS2 and Adyen’s RevenueProtect

To give you an idea of the differences between 3DS2 and RevenueProtect, their strengths and limitations, we compiled the below checklist:

A checklist highlighting the benefits of 3DS2 and Adyen’s RevenueProtect

The conclusion you can draw from this checklist? It pays to use 3DS2 with the added security of a comprehensive risk management tool.

How is risk management evolving?

We’ve covered fraud in other articles you can find at the bottom of the page. But for now, we’re going to focus on a couple of specific areas of note: Machine learning and Network Signals. These updates offer a combination of intelligent risk checks and a collective approach to defeating fraud.

Machine learning

Let’s face it, machine learning is an overused term. For the person on the street, it’s a blanket term to cloak all manner of algorithms, and in many contexts, those that stand to benefit from machine learning don’t know the rationale behind decisions made by it. Our focus is on transparency. Here are a couple of ways we do it:

Our hybrid setup

We use a combination of static rules and machine learning insights to determine and validate payments. Our explainable model provides clarity. This is instead of an interpretable model, which is a more opaque ‘it works, so why explain’ approach.

In layman’s terms, explainable models save time for you grasping the information and reduce training needs for your personnel. The result: You and your team can identify unique payments data and confidently use machine learning to make smart risk decisions.

At the same time, we enforce static risk checks. This means you save time and effort on risk management while maintaining control.

Control Traffic

With Control Traffic we authorize a small segment of your total transactions, regardless of their risk score, and feed them into a separate data set. In the short term, you can optimize your risk profile by reducing false positives (transactions blocked without good reason) and increasing true positives (blocking transactions with good reason).

In the long term, we’ll continue to develop our machine learning capabilities to reduce your operational workload. We’ll combine existing and emerging machine learning approaches to help you identify and reduce both the rejection of legitimate and fraudulent payments. This brings us to Network Signals.

Illustration of a man sitting on a bench using his smartphone. An abstract speech bubble depicts the data shared when he makes a purchase.

Network Signals

The first step of customer loyalty is to make sure their first purchase goes through without a hitch. But not at the cost of leaving the gate up for unwelcome fraudsters. We’re developing a solution that provides an anonymous data validation infrastructure, allowing opted-in merchants to help each other check critical information and assist them in differentiating legitimate shoppers from fraudsters. We don't share personal data (PII) between merchants, so only the relevant information is used.

We’ve been hard at work creating articles to keep you abreast of the latest in risk management and fraud prevention. Check out the related articles to learn more, orget in touch to find out more.

Fresh insights, straight to your inbox

By submitting your information you confirm that you have read Adyen's Privacy Policy and agree to the use of your data in all Adyen communications.