Home > News and Blog

June 06, 2022
by David Goodale

Using 3DSecure (version 2) to protect your business from chargebacks

(Slightly edited from video transcript for greater readability)

David Goodale:

Hello, David here at Merchant-Accounts.ca with another episode of the vlog. In my 20 years of payments, one of the most exciting products that didn't quite live up to the expectations was the original version of 3D Secure. It promised to help finally protect merchants from online fraud, which was a huge benefit, but the cumbersome checkout process caused so many click offs that most merchants just wouldn't use it. The way that it worked was during the checkout process, people get a popup window and they had to type in an extra password in order to complete the purchase, which at the time was called verified by visa or MasterCard secure code that got abandoned because it basically didn't work that well. There's now a much improved version of 3D Secure called 3D Secure version two. Today I'm talking to Josh Cohen from paay.co, which is a company that provides 3D Secure authentication services. Josh signed up to answer all of our questions about 3D Secure today. Josh, thanks for joining.

Josh Cohen:

Thanks for having me David.

David Goodale:

Awesome i'm just going to jump right in here. Was my intro, correct? First of all, because I'm not an expert on 3D Secure. Did I get anything wrong there?

Josh Cohen:

Everything sounded good. Okay.

David Goodale:

Okay, cool. I'm going to start at the top. I already kind of mentioned it, but I'm just going to ask you what is the benefit, the main driving benefit of a, of using 3D Secure?

Josh Cohen:

The ultimate reason is with e-commerce merchants, all their credit cards are all the transactions rather are card, not present transactions. all the chargeback liability is on the merchant. So when they use R 3D Secure in Canada, the us any anywhere outside the EU they can add this frictionless technology where the user doesn't see any kind of popup. It's basically the same checkout experience, but they're able to shift the liability of the majority of their transactions away from them so that If they do become fraud transactions or fraud, chargebacks, it's not their problem. They don't have to pay a chargeback or chargeback fee. Instead the liability gets shifted to the customer's issuing bank.

David Goodale:

Which is overdue. Like there's a lot of merchants that feel chargebacks are unfair because the issuer, not to get overly deep into it, but the issuer makes all the money on the interest. They have all the con control and dispute process of a merchant doesn't use 3D Secure. this finally evens a playing field. In fact, just to go off just a little bit further on this point, one of the classic complaints that merchants had is you could have sold some talking from the merchant's perspective. I sold something to someone, like it was obviously them. I sent it to their address. Here's a picture of them, on their Facebook, walking around in the t-shirt that they bought in the, and I still lost my chargeback. The reason why that can happenn sometime is the card issuing bank actually makes, has all of the decision making control in the chargeback process.

David Goodale:

And so they don't care about the merchant. They just don't want to bear with an upset customer. Unless you have like an avalanche of overwhelming information, no, this is not an always true case. The card issuers who make the decisions tend to side strongly card holder. Then, and then If a merchant, If you want to take it one step further, you can take it to visa, MasterCard for binding arbitration, but that's like super expensive and it's a, and it's a nightmare. I think 3D Secure is the or 3D Secure two it's like the equalizer, right? Because now at least some of it's more of a fair and even playing field and it puts the onus back on the issuer to figure out If they want to take this risk basically

Josh Cohen:

Pre pretty much. Yeah. I mean like you said, the banks will always side with their customers. You know, If you know, the average consumer, has obviously more than one credit card. If that first credit card in the wallet is the chase Sapphire, they're going to want to make sure that that consumer is always using that chase Sapphire. yeah, they're always going to take their word for whatever story they make up. So that they, they just stay a loyal customer to that bank.

David Goodale:

Exactly. I mean, ten second story from of mine some of your might have heard this before, but I had a client that did moving, moving and transportation logistics, a gym closed. So the owner moved all their gym equipment and they provided the trucks. They offered to the guy, If they wanted them to like strap all the equipment down, he said, no, he did all the strapping of the equipment on the truck. The stuff got damaged in transit. Then they helped him submit an insurance claim to his insurer to cover the damage to the equipment. He lost it because he's the one that loaded the equipment. You can't load it, improperly damage it and then seek an insurance claim. after he lost all that, he called his bank and said, Hey, this wasn't me. I don't know what these guys are talking about.

David Goodale:

This is fraud. my client's like, but like we were on site here's pictures of us with the guy and they, they lost the charge back to the card issue. Sometimes, and that's wrong and it, the issuer doesn't always get it so wrong, but some of the cases are crazy and I strongly see the benefit of 3D Secure as does any merchant who's ever dealt with fraud or even friendly fraud. I was just going to ask. Yeah, the I'm just going to ask a question. I don't know If you know the answer to this one, but the original version of 3D Secure. I know it's still going today. I believe it is. Is it being sunset or phased out officially?

Josh Cohen:

Yeah.

David Goodale:

It is. Do you know when that's happenning?

Josh Cohen:

It it's going to be sunset as of October.

David Goodale:

Okay. 3D two is, is the way. The reason why that happenned was all the click offs. with, with 3D Secure, I'm just kind of bouncing all over the place here, but does it also protect all good Amex transactions or is it just visa and MasterCard?

Josh Cohen:

Yes. American express and discover will participate in 3DS as well.

David Goodale:

Okay. Now I'm really going to kind of let your expertise shine here. You've used the word frictionless. I've talked about all the friction of back in the day yet to remember you're verified by visa password, which nobody ever did. how does frictionless work?

Josh Cohen:

Great. That's a, that's an awesome question. basically with 2.0, we're able to give the issuer additional on page data that they can gather behind the scenes without any kind of two-factor authentication. I'll give you an example when the customer is checking out and they're, they hit that buy button before that transaction gets sent to the gateway, we're going to run that authentication. we ping their issuer. Let's say they're using a chase Sapphire. we ping chase. Then chase has the ability to see, for example, what kind of device they're using. it's like If, If David, If you're using your iPhone you're using your chase Sapphire to buy something through your iPhone. They can recognize that and line that up and feel like, okay, this is actually David making the transaction. It's not like a stolen credit card. So 3D S has multiple data points that they can reference. each issuing bank has their own proprietary formula of making that authentication. But the idea is that we're giving the bank more confidence that the transaction is legit.

David Goodale:

That makes sense. I think, I actually hadn't thought of this in a little bit, but I don't know the metric. Maybe, maybe do, maybe don't incorrect me. If you do the idea back in the day, I think when visa approach or whatever, when the card brands approach the issuers, it's like, Hey, you guys are challenging everything. I'm talking about three discu version one. it's like, If Dave goes on best buy for the third time, this month to buy another technical gadget, he doesn't need which I do. Uh, the

Josh Cohen:

*laugh*.

David Goodale:

Why are you challenging him? You know, that it's him and card issuer. You are making this a bad experience for our card holder. I'm pretty sure they set, I guess my question, Josh is, is there a metric? Is it something like 95% of transactions or something are supposed to slide through unchallenged? The frictionless part of the checkout that we're talking about?

Josh Cohen:

generally I can only speak anecdotally from the data of, of my own customers at pay mm-hmm , but yeah, generally you'll see, 70%, 80% frictionless authentication where either the bank is participating in 3D Secure and they run that authentication. They look at things like IP address and device, and then they re they respond like, yes, we're comfortable with the transaction, or, and by the way, that's a status, why or Y or status a for attempted, and this is how the networks kind of push 3D Secure 2.0 out into the, into the issuer world is that If the issuer doesn't feel like participating in 3D and being up to date, then it's a status a for attempted where basically the card brand will provide the merchant with the 3D Secure response on behalf of the issuer, and basically force that authentication and force that liability onto the issuer a hundred percent of the time.

David Goodale:

Oh, so it's like issuer get with the program. You should have been compliant with this or something along those lines.

Josh Cohen:

Exactly. It's a get with the program kind of thing. In the first example where the issuer is participating I mentioned earlier that they have their own proprietary set of rules and it's kind of unique for each bank, but some things that I see anecdotally are with participating banks, higher dollar amounts will sometimes result in a challenge more often than, than like a, maybe a $50 authentication

David Goodale:

As it should be. There's more risk there. that, that makes that sense. So, so how does the, so one of the things I actually know this, because I've spoken to a merchant that's integrated the pay service before, and they were telling me about the API. I've never gone hands on with it. If I tried to, I wouldn't do very well with it. I was a programmer 20 years ago, so enough to be dangerous, but I think there was like, like 200 things or something like I re these are things that stick out in my mind. It was like, they looked at the pixel depth of the device. You're viewing the page on it's like, it's, they they're collecting or aggregating a lot of data. Right. For the, for every transaction that's submitted.

Josh Cohen:

Yeah. Yeah. There's a lot of data points that are, that are included in that authentication process.

David Goodale:

But it's not hard for me. It's not like a merchant's doing, so let's talk about pay for a second. it's not like the merchants doing 200 heavy lifting things. You guys kind of make it easy to do that somehow.

Josh Cohen:

Yeah. So there are old school implementation is our API, which has all those different line items. But the primary implementation that we suggest to our customers is our SDK. all that is, is basically, a developer or someone who's at least dangerous. Like you, David will go onto the checkout page tag the fields of where we can get the credit card and expiration date and the amount of what's being authenticated. Then a few different tweaks here and there. You're basically integrated and all that heavy lifting is done by the SDK.

David Goodale:

Interesting. You know, what took me a while to wrap my mind around. I mean, like I, so I know that you make it easy and I know that I'm with TD. Okay. let's just say that I'm doing a $10,000 transaction, at three in the morning and TDS like, okay, this doesn't sound like Dave, a challenge needs to happenn. The part that I've had. I think it's not just me, it's a lot of even knowledgeable people in the industry. How does the issuer control If they decide to do a challenge, how do they control it? Because it could be like a text. In fact, before you answer the question, I'll give you an example. A friend of mine okay. Is British. Uh, and she, and because of the PST two directive, which we might talk about in a little bit here, it's a, it's a European, payments directive thing, but 3D Secure is more popular in Europe than in north America, I think.

David Goodale:

But because of that, when she does purchases, she has her banking app on her phone and it requires her to scan her fingerprint every time a transaction's being done. I think actually I'm almost certain that is the three secure component. Whereas with TD in Canada, I had someone recently that, that went live and did a transaction and they said, Hey, you're going to get an email code, check your email, we'll get a one time use code, type it in. What's what I'm curious about. I don't even know If this is a question or just a rant at this point, but how does the *laugh*, how does the issuer control such a diverse number of interactions through the challenge window? How do you guys handle all that?

Josh Cohen:

I agree with you. It can be a clunky process. Um, but what we do with our SDK and for merchants, needing PST two compliance is that, we provide control over an eye frame. Mm-hmm , which is, for those who are less tech, technical it's kind of like a window that is, is enables a third party. Like, so like, like data from somewhere else.

David Goodale:

You know what I always say, Josh, think of a picture on Facebook when you click on a picture and it overlays on the page, that's like an iframe kind of.

Josh Cohen:

Yeah. Okay. That's really, that's a much better explanation *laugh* but yeah, so we, we give the merchant full control over the Iframe. Typically I recommend just full screening, the Iframe that it makes it easy. Um, but you could technically put it next to the checkout form If you so chose to do that. Mm-hmm . Um, but yeah, so we give that control and then yeah, the issuer will do either a text message or redirect the user to their banking app and it's um, yeah, I guess it's a little clunky, I would say that's why in, in the us, the 1.0 3D S which required stepped up, consumer authentication, it, it didn't really take off so well, but I think with, with the EU, since the PST two directive that you you've mentioned is kind of forcing everybody to have this. I think the issuers are really upping their game with how smooth that authentication challenge process works.

David Goodale:

Okay. Josh, one of my questions is about the challenge itself because a card holder can either fail the challenge or the issuer. I don't know. Sometimes, like you said, the challenge can be, so I'm with TD. I don't even know If I am enrolled for 3D Secure, so I don't even know how they would challenge me. I don't do online banking because I I'm always afraid I'm going to lose my cell phone. Someone just got access to my bank accounts. *laugh*, If somebody, If somebody fails the challenge or the card issuer wants to issue a challenge, like If 80% of the time it goes on challenged, which is great, but 20% of the time it is challenged. What's the best practice. What do you recommend to do to your clients in those scenarios?

Josh Cohen:

for most of my clients are outside of the EU. So the PST two requirements don't apply to them. You can run e-commerce transactions without 3D Secure. what we do, which is totally compliant is when we get a frictionless response, whether it's status a for attempted, that means where the bank isn't participating in the brand like visa, MasterCard is forcing them to authenticate frictionless mm-hmm , or If it's a status Y where the bank signs off and says, Hey, this is cool. They authenticate frictionless. Those are great. We send those in and, we'll see, 60, 70, 80% coverage on approved transactions in the gateway with just those alone on the steps that require a challenge. You know, If you shop, If you do a lot of e-commerce shopping in the us and Canada, you rarely see a 3D Secure challenge.

Josh Cohen:

That means that the population here is not so accustomed to filling out a 3D Secure challenge. what we recommend is to not show that challenge and our SDK kind of does that by default. If the issue where it decides, when we attempt to authenticate, they, they are participating in, but, but their algorithm says, we want to challenge this just to make absolutely sure. We'll actually close out that request and then have the merchant send that transaction right to the gateway for authorization, without 3D Secure, ah, that way there's no card abandonment. , we, the merchant can still have a high conversion rate, but get a lot of protection with the frictionless 3D Secure.

David Goodale:

What you've done is you've utterly and completely reduce the click offs with that approach. Uh, that's interesting. yeah, and I think, so this is so interesting. Like, I will tell you this, like the head of risk at a well known payment processor that I work with, they're approving accounts, conditional on 3D Secure, like even the head of risk, don't understand how this work, how this works. I think this is such an interesting topic to so many people who hopefully, view this someday. here's a question that I'm going to flip back at you though. what, what If you're a high risk merchant? I had a merchant one time that was selling it wasn't world of Warcraft, but something like world of Warcraft, like the sort of Zania or whatever like that, and so selling digital goods to young people that have all the time in the world, they're technically proficient, they're dumb enough to use stolen credit cards, like there's certain demographics that are hard to hit. That would be an example of a merchant that might say, Hey, like I acknowledge that I have high risk demographic and I don't want to let it slide through. Is there a way to approach it where If the issuer wants a challenge to force the challenge through, to give them the opportunity else abandoned, it's the actual opposite approach of what you're talking about.

Josh Cohen:

Absolutely. Yeah. We give the option to show the challenge and you can take it a step further and code the page to say, Hey, If we're not getting a status a or a status, Y which, by the way, when you get a status C, which is for challenge, when that challenge is successfully completed, it results in a status. Y so you could say, If I'm not getting an a or a Y, I don't want to authorize this transaction, you can absolutely do that.

David Goodale:

That's interesting, but you can also handle the challenge. In other words, If you, If the issue wants to do the challenge and maybe just said this, I apologize If I'm just repeating the same question, but people can do the challenge with pay. If they wanted to

Josh Cohen:

100%, they can, they can use our SDK. we give through the SDK, the merchant full control over the formatting of the Iframe. we, I typically recommend full screening the Iframe, so that it's just like the user just sees the full challenge and it's, they don't have to scroll, or maybe their iPhone, like formats the page in a weird way so that they can't see the challenge. I always recommend just full screen the challenge, but yeah, we're giving you that control. If you wanted to put it next to the checkout form, you could do that as well. But yeah, with that control, you're not going to control the actual challenge itself. Like If it's a text message or security question, but you'll control where it's how it's being positioned on your page.

David Goodale:

That makes sense. I'm realizing this conversation with you is helping me to realize that 3D Secure, there's still a lot merchants. There's a re quite a reasonable amount that merchants can do with it. Uh, and I, I briefly want to talk about PSD two because I probably, we should not throw around acronyms without describing in some sense what it is for our viewers. I'm going to get this a little bit wrong, so please forgive me. I'm not an expert on it, but it stands for payment services directive two. In Europe, the authorities, I don't know what governing body basically said, Hey, businesses, If you were doing e-commerce or card, not present transactions, you need a second layer of authentication, one layers, the credit card number, but you need a second layer of authentication and 3D Secure is the most popular way of accomplishing that. So it means that in Europe, you're not allowed to, or you're not supposed to, my under, I should qualify this a little bit, my strong understanding, but I'm not a hundred percent certain is you're not supposed to authenticate a card, not present transaction an e-commerce card, not present transaction without the authentication on the second step, which 3D Secure Josh is your understanding roughly about the same as mine on that?

Josh Cohen:

Yeah, it's the fact that three, the 3D Secure rails are the, that's the only way to do the two factor authentication which is required for e-commerce transactions, as a result of the PST two directive.

David Goodale:

If you.

Josh Cohen:

it's the, it's the only way it's not like the most popular, that's the only, it's

David Goodale:

The only one. Okay. Thank you for that. If you're a European merchant for your European merchants, you can't have the option of just dismiss the, that challenge. It's like, If you're European, you must show the challenge window.

Josh Cohen:

Yeah. as the, I worked for pay sort of, as this process kind of be came more and more adapted, but basically, there would be different countries that all of a sudden the merchant can't approve any transaction. So then they need 3DS. Um, so it's, I think pretty much everywhere in the, in the EU now it's like, you need 3DS. You need to show the challenge. otherwise you can't process credit card transactions.

David Goodale:

That's right. Unless it's a virtual terminal transaction where the merchant is keying in, on behalf of the card holder.

Josh Cohen:

I think so, I don't even, I actually, I don't even know about the virtual terminal

David Goodale:

A virtual terminal to anybody watching. It's just like, it's where the merchant keys, the card data in, on behalf of the card holder. There is no second layer of authentication there that's I actually do know that, so I can, I can speak to that.

Josh Cohen:

Okay. Um.

David Goodale:

Awesome. Something interesting. I'm wondering If you've ever heard of this, I'm just going to talk about a personal experience that I have. I had a merchant that was using 3D Secure two. They have a high risk product. It was the merchant that was selling kind of the in video game stuff. it was very high risk, but they were, were quite happy with 3D Secure. what was interesting is they still got a big pile of chargebacks fraud, reason code chargebacks, which shouldn't have been possible. So what we ended up doing, this is just a tip for anybody that's using 3D Secure is we opened a file with visa and basically said, WTF, like this is not really *laugh*. So, and it's interesting card issuers in my experience, don't always comply with the rules they are obligated to comply with. If you are using 3D Secure, and it's a fraud reason code chargeback, you should push back on that. I don't know If you've ever heard of that, Josh, but I actually did see it happenn to a merchant. You might not because you're not on the processing side of the business, but in the end, they were made whole, and it did protect the merchant when the dust settled.

Josh Cohen:

That's really interesting. Um, well, I am on the client side of processing. So when somebody who I just sold a product that will prevent chargebacks gets a bunch of chargebacks. I'm definitely made aware of those situations, but typically it's an integration issue that's causing that. If everything is set up properly, meaning the gateway is compatible to accept RDS and the platform, the processing platform behind that gateway is also compatible. a transaction gets 3D Secured, whether it's status a or Y and all the fields are passing properly. The reason code is fraud. There is no chargeback. I would potentially, I wasn't in that conversation, but yeah, it's, If you're getting a chargeback on a fraud reason, could there's something from an integration perspective, that's incorrect.

David Goodale:

Yeah. Actually what it was, sorry to cut in there. Sorry, go ahead. I, in this case, the integration was proper. It's just the issuers dropped the ball. They did win it, but basically it was an example. This is probably just a good tidbit for people to know, even when you do everything right. Sometimes other parties, particularly the issuers can make mistakes. 3D Securities, it did protect them. It just, it took, they, they had, they not had it. They would have lost all those chargebacks. It was many thousands of dollars. In fact, it was a good, it was a happy news story in the end. It was just, it was just interesting. this actually should is a good time for me to point out that 3D Secure doesn't prevent all chargebacks. Um, right. Josh, it's just, it's the reason code of fraud. Is that, is that correct?

Josh Cohen:

Yeah. for visa that's 10, 10, 4, and the MasterCard MasterCard has two reason codes, 48, 37, 48 63.

David Goodale:

And these would be basically not authorized cardholder, not authorized type transactions.

Josh Cohen:

Yeah. Like cardholder does not recognize or unauthorized transaction or fraud. All those reason codes are protected. Perfect. kind of going back to your first story about how it's so easy to just call the bank up and, and, and, and make up some kind of narrative or some story that someone stole your credit card. When you obviously made the transaction, that's the culture that we live in, where the bank is just like the money machine. You can just call up and get your free money. Mm-hmm so 90%, 80, 90% of the chargebacks that I've, that we see with our clients are due to these fraud reason codes, because that's the easiest way to get your money back from the bank. Just say, Hey, I didn't authorize this. You got the, you got the money back.

David Goodale:

You know, it's so true. listen, I always say like 99% of people, I think the world is a better place than people think it's the problem that like the 1% of people that are jerks can really cause things *laugh*, here's a funny short story. What, when I first got into e-commerce payments, like bazillion years ago, I wanted to go through the process of PHY selling a physical product. I had a website, beanbag chair, selling leather, beanbag chairs. I imported them from Brazil 20 years ago. I was a gamer and I wanted a beanbag chair that wasn't like a four, a 12 year old Walmart beanbag chair. They were really cool. Like they were ginormous leather beam bag chairs. I wouldn't be interested today, but I was very interested 20 years ago, but I sold them and I'll never forget. I got this request one time I sold a leather beam back chair, and like six years later, I got a call from someone one time and they're like, hi, I'm going to be sending my chair back for a refund.

David Goodale:

And I'm like, okay, what, what, what's your order? And I look it up and it was like six, five or six years previous. I'm like, where your order was like six years ago. They're like, yeah, I know I'm going to go ahead and return that now. Um, we didn't use it that much and I could use the money. I'm like, well, *laugh*, you did use it for half a decade. I don't know that I can return your money, but they, like, If they had any option, I like I was on the phone with someone completely unreasonable and I'm not listen. This person might have been in a desperate situation. If you're trying to refund things from five or six years ago, you're probably in a pretty desperate situation. I shouldn't make two lighted situation. But in fairness to me as a business owner, it's like, sometimes you deal with people that are unreasonable and you're right.

David Goodale:

The card issuers, going back to original point, the card issuers made it way too easy. They were way too cardholder friendly and the merchants were getting burned left right and center. I would call 3D Secure the great equalizer on that front. I think it's a super important service, especially for merchants got a high risk or a high ticket. I here, Josh, I'm going to ask you a question, what type of merchant should implement, sorry, my rants almost over, what, what type of merchants should use 3D Secure in particular? Like what are the merchants that should definitely be using 3D Secure?

Josh Cohen:

definitely anyone with the chargeback ratio over 1%

David Goodale:

That makes, and I would also throw out there, like, so If I have a merchant that sells pencil crayons and another merchant that sells Rolexes, If you're selling the Rolexes use 3D Secure.

Josh Cohen:

I just would caution the Rolex because there are the visa has a program called the visa fraud monitoring program. If the merchant exceeds a certain dollar amount of 3D S fraud, and also that 3D fraud is at a certain, ratio of, like a certain threshold of RA of ratio compared to its 3D approved transactions. Then they do get into a fraud program, which is not good for the merchant. yeah, authenticating $30,000 watches, obviously, depending on the volume, because it's a ratio, but it, it could potentially not be a good fit for someone selling road Lexus, but someone selling smaller ticket items, anywhere like $50, a hundred dollars, $200, even up to $500. Yeah. Their, and their fraud ratio is over 1%. They definitely use 3D Secure.

David Goodale:

Let's talk about that a little bit more because the fraud ratio, I'm going to assume that there's a merchant, the same merchant owns two businesses because I don't, I want to take the human part of it out of it. Okay. There, in the sense that they approach each business ethically and responsibly, and with when they're selling pencil crayons, like decorat could of like calligraphy pens that are $200 a pen, that's a good example. Then they're also selling Rolexs, I'm just going to roll. Keep on going with Rolexes here. I, If it was me, and maybe you can clarify this for me, because the risk of the risk of you sell a $200 pen and your cost is 150, your, your real loss is $150, which stinks mm-hmm , but that doesn't hurt so bad, but you lose a $30,000 Rolex. Well, that's a couple of nights' sleep, couple hard, stiff drinks. I forget about that one. like wouldn't 3D Secure, be a better fit for those merchants, assuming that you approach, like you're not haphazard about your orders, but you mentioned a 3D Secure chargeback, but you can't get a 3D. I just want to better understand your advice there. It was actually quite interesting to me.

Josh Cohen:

Yeah. The the 3D Secure chargeback concept, it's a thing. The merchants don't get chargebacks on fraud, reason codes that are protected with 3D Secure, but they are technically still disputes that customers are calling their banks with and filing, and they do get resolved, but it's the issuing bank that pays the bill. visa keeps track of these disputes. If a merchant has too many 3D Secure disputes from a dollar amount perspective, and, and both criteria need to be satisfied and a, a threshold perspective, then that merchant gets put into a program. But I would imagine someone selling Rolexs has probably a high cap If they're doing, If they have a significant watch business and they probably will only get like one chargeback, but it's a painful chargeback mm-hmm . So it's, it could be that it is a good fit because that one chargeback only represents, whatever 10 basis points of their overall fraud exposure mm-hmm . In which case I would definitely use 3D Secure, but it is something to be aware of. I would consult any high ticket merchant, from a numbers perspective to see what kind of fraud exposures they have before recommending 3D Secure to them.

David Goodale:

That's so, so interesting. I genuinely so, for anybody that might not totally understand what Josh is saying, visa, MasterCard do monitor chargeback rates on merchants, and even on payment processors, anybody who's getting too many disputes, that's a bad thing. what Josh is saying is that you might be winning your chargeback. You might not be seeing the chargebacks, but If too many disputes come in, even though you're winning visa is basically saying, Hey, 3D Secure is protecting you, but we're not happy with how many disputes you're getting. Is that a good summary, Josh?

Josh Cohen:

Yeah. How many and, and what percentage of your overall business they represent?

David Goodale:

That's right. I would still say If I had a Rolex merchant, If I was a Rolex merchant, you better believe I'd be signed up at, *laugh* The first minute of the day. I do not want the bigger, the ticket to me, the more you want to be protected. I actually, I would rather make visa, MasterCard upset at me and go on a monitoring program that I would want to eat those losses. as a payment processor, merchant accounts.ca If you have an issue comes along, like, it's not like Visa's the hammer of God falling outta this sky. Sometimes it seems that way, but there's reasonableness to it and it'd be more like, what are you doing? How are you rectifying this pro like to merchant, I would say, protect yourself and Josh, your service at pay for high ticket merchants, I think is actually a really, like, it's probably the best service that high value, high ticket value merchants can implement because you don't want to eat those losses.

Josh Cohen:

Yeah, definitely. Yeah.

David Goodale:

That's interesting, you just threw a curve ball at me. I learned something. Thank you for that. Is there anything else that we should know about 3D Secure or 3D Secure version two or not, but I'm going to just throw it over to you If you have any more advice there.

Josh Cohen:

Um, I think we covered pretty much everything.

David Goodale:

Josh. I know people might be interested in learning more about pay. Maybe you could tell people where to go, how to get in contact with you or the company.

Josh Cohen:

Hey, good. Our website, paay.co for more information, or you could email me josh [at] paay.co.

David Goodale:

Perfect. I'm going to put the hyperlink in the description. Josh, this was super interesting. I am almost certain that If anybody came into this video, not knowing a lot about 3D Secure, they would've learned a lot. I really appreciate you taking the time and helping us out today.

Josh Cohen:

Well, thanks for having me, David. It's been a pleasure.

David Goodale:

Perfect. Thanks Josh.

Can I Help Lower Your Processing Fees?

If you found this content helpful, will you give me the opportunity to quote on your business?

View Rates

About the Author

My name is David Goodale, CEO at Merchant Accounts.ca. I launched our business in 2001 and have over 20 years of expertise in the field of online payments. If you have a payments related question or project, and especially if it relates to multi-currency or international e-commerce don't hesitate to contact me. I'm always happy to help with an honest opinion, and enjoy chatting with folks from interesting businesses.

Toll free: 888-414-7111 ext. 5
Direct: (905) 901-2254
david.goodale@merchant-accounts.ca

Return to News & Blog