How an acquirer and processor can help you recover declined transactions and streamline the authentication flow
The role of an acquirer and processor in the authentication flow
What does working with a PSP that is acquirer & processor mean?
3DS (3D Secure) is an important protocol used by SCA to authenticate online payments. Originally developed by Visa, it was later adopted by other payment schemes such as Mastercard. 3DS1 and 3DS2 are different versions of the 3D Secure protocol. Overall, 3DS2 provides a more modern and user-friendly authentication experience than 3DS1 while maintaining a high level of security.
Although 3DS does it's job effectively, it's still a cause of friction in the checkout. As noted in article 3, the conversion rate of 3DS payments lies between 75-83% in most Western markets, which means that roughly 1/5th of all 3DS payments fails at the authentication stage.
An acquirer & processor has significantly more control over the payment and authentication flow. By leveraging SCA exemptions and ensuring compliance with SCA requirements, acquirers can help their merchants navigate the complex authentication landscape, and provide a seamless and secure payment experience to consumers while minimizing the negative impact on conversion rates.
MultiSafepay, as an acquirer & processor, is able to weigh the possible risks associated with any transaction within milliseconds, thanks to a powerful risk assessment tool that helps identify the authentication path with the highest probability of success, while keeping friction for the consumer to a minimum.
In practice, this means that when a transaction occurs, we’ll either guide it towards an SCA authentication flow or an exemption flow.
Let's see both the cases:
- In the 3DS flow, the role of an acquirer & processor is to provide the issuing bank with all the required data (such as the value of the transaction or the customer behavioral history) to help the issuer give the final go or no-go for the transaction and determine whether a 3DS verification is needed. Collecting the best data possible is crucial, as it helps to increase the chance of a frictionless 3DS authentication flow.
- The alternative to a 3DS flow is an exemption. Some transactions qualify for exemptions due to their nature, such as them being initiated from outside the European Union. Others qualify due to certain valuables, such as a low order value or them being considered low risk. In the end the issuer has the final say whether an exemption is accepted or not, but an acquirer and processor is instrumental in providing the data and even the option for a potential exemption.
On the other hand, the acquirer & processor also plays an important role in the liability shift in case of fraudulent transactions.
As we mentioned in the previous article, if an SCA exemption applies and the transaction is not subject to 2FA, liability for chargebacks due to fraudulent transactions shifts to the merchant.
In this case, an acquirer & processor such as MultiSafepay acts as the only intermediary between the merchant and the card scheme. And although our risk analysis tools do not provide total immunity from fraud, they serve as an additional, robust layer of security to verify whether a transaction qualifies for an exemption.
If a transaction qualifies for an exemption and turns out to be fraudulent, liability will lie with the merchant. But relying on a payment partner like MultiSafepay means being able to use SCA exemptions to their full potential, while minimizing risk.
What an acquirer & processor can do: 6 scenarios
By diving into six different processes step by step, let's clarify the powerful role of an acquirer & processor like MultiSafepay in the authentication flow.
<h6>1. Frictionless 3DS</h6>
- The customer initiates the online payment and the acquirer & processor detects that the credit card is enrolled in 3D Secure protocol.
- The acquirer and processor provides the issuer with all the information associated to the transaction for judgment and, based on data, qualifies it for a frictionless 3DS authentication.
- The card issuer follows the acquirer’s assessment of low risk, agrees with it and qualifies the transaction as a frictionless 3DS transaction.
- Once the issuer authorizes the transaction, it sends the authorization response to the acquirer & processor.
- The transaction gets the green light, and the acquirer & processor immediately informs the merchant.
- The transaction is now completed.
<h6>2. 3DS Authentication </h6>
- The first steps are similar to Frictionless 3DS ones. The customer initiates the online payment and the acquirer & processor detects that the credit card is enrolled in 3D Secure protocol.
- The acquirer and processor provides the issuer with all the information associated to the transaction for judgment.
- Based on data, the issuer requests an authentication to verify the customer’s identity.
- In this case, the payment is routed towards a 3DS authentication, and the customer is redirected to a page where he can use various authentication methods (such as biometrics) to confirm his identity.
- Once the identity is approved, the issuer validates the authentication.
- The transaction is moved to the authorization stage, where the issuer determines this transaction is accepted.
- The acquirer & processor receives the communication that the transaction is approved and informs the merchant.
- The merchant can finalize the order and redirect the customer to the order confirmed page.
<h6>3. Recurring payments </h6>
- When the customer signs up for a recurring subscription and provides his credit card details, the acquirer & processor needs to verify them. As this is the first transaction in this regular payment setup, the scheme requires it to be 3DS authenticated.
- After the customer confirms his identity in the 3DS authentication page, the issuer validates the authentication.
- The card issuer checks whether the transaction qualifies and sends the result to the acquirer & processor.
- The acquirer & processor receives the authentication response, confirming the successful setup of the recurring subscription. The customer is informed about activating his subscription, and his card is now registered as a card-on-file.
- For the following recurring payments, the acquirer & processor charges the customer's card automatically, with no further 3DS verification needed. It sends a recurring authorization request to the issuer to indicate the renewal – which the issuer approves without 3DS.
- After the first transaction, the card details can be safely stored as a token, which an acquirer & processor like MultiSafepay can use for repeat purchases.
<h6>4. Transaction Risk Analysis (TRA) exemption</h6>
- Our Sentinel plays an essential role in this process. Once the customer initiates the payment, with our Sentinel enabled, the key data associated with the transaction is scanned by our extensive fraud filter.
- Based on various parameters, our platform decides that the transaction qualifies for a TRA exemption.
- The issuer agrees with our low-risk assessment, and the transaction is approved as a low risk (TRA) transaction.
- The issuer has the final say whether the transaction can be carried out. Since our risk engine focuses entirely on providing optimal safety, the issuer authorizes the withdrawal.
- The acquirer & processor receives the authorization response from the card issuer, indicating the transaction is approved.
<h6>5. Transaction Risk Analysis (TRA) soft-decline </h6>
- The customer initiates the payment, and with our Sentinel enabled, the key data associated with the transaction is scanned by our extensive fraud filter.
- Based on various parameters, our platform decides that this transaction qualifies for a TRA exemption. We forward this to the issuer.
- The issuer disagrees with our assessment and requests 3DS authentication.
- We receive the decline from the issuer and move this transaction towards the 3DS authentication flow, processing it as a soft-decline.
- As we move the customer towards a 3DS authentication, he is prompted to verify his identity. The customer successfully authenticates the payment, after which we move the transaction to the issuer for authorization.
- The issuer checks whether the transaction can be carried out and authorizes the withdrawal.
- We receive the authorization response from the card issuer, indicating the transaction is approved.
In this scenario, another of the main advantages of collaborating with an acquirer and processor is highlighted. If the issuer decides to impose a 3DS verification, even though our risk engine provides optimal security for TRA exemptions, we can still redirect the transaction flow to a 3DS authentication. Where a non-acquirer & processor provider might get a rejected transaction, we operate to minimize the impact on the consumer.
<h6>6. Low Value Payment (LVP) exemption </h6>
- The customer initiates the payment, and with our Sentinel enabled, the key data associated with the transaction is scanned by our extensive fraud filter.
- The transaction value is below € 30, so our platform decides that this transaction qualifies for an LVP exemption.
- The issuer detects that this is the 5th time that a transaction on the customer’s card is routed towards an LVP exemption. As the issuing bank is the one that keeps track, they return a soft-decline to us, prompting for additional authentication.
- We receive the soft-decline from the issuer and move this transaction towards a 3DS authentication.
- The customer verifies his identity and authenticates the payment. We move the transaction forward for authorization by the issuer.
- The issuer checks whether the transaction can be carried out and authorizes the withdrawal.
- We receive the authorization response from the card issuer, indicating the transaction is approved.
LVP exemptions allow to speed up transactions for smaller amounts. However, every fifth transaction, or when the cumulative amount since the last authentication is more than €100, the issuer requires a 3DS authentication. Thanks to our status as an acquirer & processor, we can handle this return as a soft-decline, quickly moving to 3DS authentication, without the customer noticing it.
Once again, the intervention of the acquirer & processor is aimed at reducing the impact on the consumer.
The benefits of choosing an acquirer & processor
Better customer experience, secure and faster authentication processes, and higher conversion rate.
The merchant who relies on an acquirer & processor PSP like MultiSafepay chooses not only a partner that can handle credit card payments in total security but also one that knows how to direct each transaction towards an authentication path that is as user-friendly and frictionless as possible. It translates into fewer failed payments and greater consumer trust.
Moreover, by acting as the only intermediary between the merchant and the issuing bank, the acquirer & processor relieves the merchant of any concerns regarding compliance and security processes.
Ready to grow your business by optimizing your card transactions?
Let us help you to improve and make your authentication flow easier and 100% compliant with SCA requirements.
Download our new SCA whitepaper and find our solutions to minimize security risks.