3DS Jumps on the Risk-based Band Wagon and RSA says “Thank You”

By Rueben Rodriguez, Principal Product Marketing Manager, RSA Identity Protection & Verification

I’m glad to see the 3DS (3D Secure) industry is finally catching up with RSA’s risk based strategy to address the consumer need for ease and convenience, while helping to protect customer PII as they shop on-line.   Because when it boils down to what cardholders want and what card issuers need; if it doesn’t work neither side will be willing to use it!

Case in point:  When you are shopping on-line and ready to check out, why don’t you have to input a username and password anymore… you know, the 3DS Verified by Visa, MasterCard SecureCode, or American Express SafeKey services?  The answer lies with how card issuers are now choosing to authenticate their cardholders.

Authentication is *still* happening, but it goes unnoticed by most users because the authentication is risk-based and only transactions that are considered high risk will require additional verification, something RSA calls “step-up authentication.”  By using a risk-based approach during the check-out process, cardholders have a more positive shopping experience that is undisturbed (in most cases) while their transactions are being protected (in the background) by their card issuing institution.  Card issuers which use RSA’s Adaptive Authentication for eCommerce have been mitigating card fraud like this for years.  That is why I like to call this a “win-win” situation.

RSA pioneered the use of risk-based authentication for 3DS card transactions since 2004, where only high risk transactions would require a cardholder to enroll with a username and password. In 2008, RSA worked closely with our partner customers to drive an even more positive user experience by using out-of-band authentication for transactions which are deemed high risk.  And in 2012, RSA helped protect over 475 million card transactions for our card issuing customers.    Long gone are the days of the cumbersome username and password, now RSA’s card issuing customers can choose to further authenticate their cardholders by having their customers: enter static card details, answer out of wallet questions, or be challenged with an SMS one-time password.

I cannot help but mention it is stamp of validation to learn within the 3DS industry, the use of risk-based authentication is now the preferred method of authentication.  And for that reason, I would like to say “Thank You.”

Rueben Rodriguez is a Principle Product Marketing Manager within RSA’s Identity and Data Protection Group.  He is responsible for the Adaptive Authentication for eCommerce solution which helps protect customers against fraudulent card activity in the on-line world.   Rueben has worked for 20 years within the financial services industry helping financial institutions process, administer, and protect payment information.  Rueben holds a B.S. from California State University Hayward.