Discover ProtectBuyHow Does 3-D Secure Technology Work on the Discover Network?
In a Nutshell
This chapter examines Discover ProtectBuy — the form of 3-D Secure technology native to the Discover card network — and how the company implements the technology. We’ll also discuss some of the benefits ProtectBuy offers, plus some potential downsides of its use, and more.
Discover ProtectBuy: How 3D Secure Works on the Discover Network
Discover ProtectBuy is the Discover-branded version of 3D Secure technology. It was designed to help banks, merchants, and processors authenticate and verify customers more efficiently and effectively with biometric technology.
But what does it offer your business? Read on to learn more.
3D Secure
Is 3D Secure the security solution you’ve been searching for or a one-way street to higher friction and abandoned carts? Here, we’ll explain everything you need to know about 3D Secure: what it is, how it works, how it’s branded differently across each card network, why you need it… and why it won’t be enough on its own.
How Discover ProtectBuy Works
ProtectBuy is a 3D Secure service specific to Discover, which implements real-time authentication software to verify credit card users before a transaction. This data can be leveraged to detect stolen cards, identify unauthorized users, and thwart fraud attempts before a transaction is made. Naturally, this technology helps merchants improve their antifraud and chargeback prevention efforts.
Approved transactions with Discover ProtectBuy work like this:
Phase #1 | Authentication Initiated
When a customer inputs their card information to make a purchase, this data is processed through ProtectBuy. The technology evaluates the cardholder based on their login credentials, location, and transaction history to determine the likelihood of a fraudulent transaction. This entire process occurs in just seconds.
Phase #2 | Transaction Approval
If the cardholder’s credentials check out, ProtectBuy’s algorithm will approve the transaction in real-time. After being authenticated and authorized, the cardholder will be seamlessly directed to the confirmation page without delay.
What if the credentials provided by the buyer don’t check out, though? Transactions declined by Discover ProtectBuy work like this:
Phase #1 | Authentication Requested
Same as above, the cardholder submits credentials that run through ProtectBuy for verification. The technology evaluates the cardholder to determine the likelihood of a fraudulent transaction. Again, this entire process occurs in just seconds.
Phase #2 | Authentication Email Trigger
Suppose the ProtectBuy algorithm cannot authenticate the cardholder’s credentials. In that case, the cardholder will be sent a temporary passcode via email or SMS that they can input into a pop-up field. This tends to happen if the cardholder is doing anything outside the norm, like buying in a far-flung locale that's thousands of miles from home. It may also happen if their identity cannot be verified, or they misspelled anything during the verification process.
Phase #3 | Authentication Decline
If the passcode is not imputed correctly by the individual attempting to initiate the transaction, or the code times out, the transaction will be denied, and an email explaining the reason for the decline will be sent to the cardholder.
It’s important to recognize that most cases of genuine credit card fraud result from stolen card information being bought and sold on the dark web. Cybercriminals can use card details acquired through data breaches, phishing attacks, identity theft, and ATO fraud to commit all sorts of criminal acts.
However, the credit card numbers they have access to are not foolproof. In fact, many fraudsters buy their stolen card numbers in bulk and try as many as they can at once, hoping one will work where ten might fail. That said, merchants who implement 3DS services with their regular fraud prevention systems can make the fraudster’s job much harder.
Benefits of Discover ProtectBuy
You can expect Discover ProtectBuy to help craft a truly winning fraud prevention strategy. When used in tandem with other anti-fraud programs (below), 3D Secure 2.0 technology is highly effective at identifying fraud before it happens.
By streamlining authentication during the checkout process, ProtectBuy can speed up verification and allow you to process more transactions while limiting exposure to disputes. Since 3DS can detect anomalies across so many data points simultaneously, it becomes much more difficult for cardholders to file fraud-related chargebacks. This can significantly reduce costs and losses and increase consumer confidence in your brand.
Potential Downsides to ProtectBuy
Discover ProtectBuy is an incredible and near-seamless technology. Still, it isn’t perfect.
While the system prides itself on its seamless capabilities, it can introduce friction at the secondary approval stage that can interrupt customers’ checkout process. Some legitimate customers might be put-off by pop-up windows and additional security measures and ultimately abandon their carts. While this isn’t commonplace, it happens often enough that you should consider ways to mitigate friction wherever possible.
Perhaps the more concerning issue is that 3DS is still largely ineffective against friendly fraud and other forms of first-party abuse. Since friendly fraud is a post-transactional act, committed by the actual cardholder, 3DS will be rendered useless in these cases. This is a serious concern because friendly fraud accounts for the bulk of merchant chargebacks.
Additionally, some advanced account takeover and synthetic fraud tactics can let fraudsters spoof 3DS software. This would allow fraudulent transactions to pass through the system undetected.
So, how can you combat both of these concerns and still get the most out of 3DS technologies like Discover ProtectBuy? The answer is to adopt a broader strategy to mitigate fraud.
Getting Started with Discover ProtectBuy
Merchants don’t implement ProtectBuy directly with Discover. Instead, enrollment happens through your payment processor, gateway provider, or acquirer; whichever handles your card-not-present transactions. If your processor already supports 3-D Secure, then adding ProtectBuy for Discover cards typically means a configuration update, rather than a new integration.
Start by confirming that your payment provider supports ProtectBuy. Most major processors and gateways offer 3DS services across multiple card networks. That said, coverage varies; if your provider doesn’t currently support it, you may need to request it or consider alternative providers.
Before activation, ensure your business meets baseline requirements. You must be PCI-DSS compliant, as ProtectBuy involves transmitting cardholder data through secure channels. Your payment environment should also support EMV 3DS (version 2.0 or later) to take advantage of frictionless authentication and risk-based decisioning.
Once enabled, test the integration thoroughly before going live. Your processor should provide a sandbox environment where you can simulate both frictionless and challenge flows to confirm everything works as expected.
For merchants with complex implementations or direct acquiring relationships, Discover recommends contacting your Discover account executive to discuss certification requirements and timeline. The certification process involves completing designated test cases through Discover's testing environment before production access is granted.
3DS: A Smart Addition to Any Fraud Prevention Strategy
3D Secure 2.0 technologies like Discover ProtectBuy work best as part of a multilayer fraud and chargeback management strategy.
Incorporating 3DS into a multi-faceted antifraud system can stop many fraud attacks in their tracks. Most fraudsters are unlikely to have all the data they need to combat these systems working in tandem with each other. That said, redundancies give you a tighter screening net, letting you identify more fraud attacks and generate better data.
For true risk mitigation, though, you need a customized, end-to-end solution that can deploy the right tools and tactics where they will do the most good.
Discover ProtectBuy is available to EMV-certified merchants (who can provide written certification verification) and is PCI-DSS compliant. Additionally, merchants who wish to implement ProtectBuy must support 3D Secure 2.0 technology, including terminal compatibility with all previous software versions.
If you’re interested in learning more about 3-D Secure—or any other aspect of chargeback management—contact Chargebacks911® today. We can show you how to take chargebacks off your plate and increase your ROI.
