Preventing Fraud with Discover ProtectBuy
Fighting ecommerce fraud is a collaborative endeavor. While there is a lot that merchants can do on their own to detect fraud and protect themselves, it can be a big help when other stakeholders in the payments ecosystem provide tools and resources that stop fraud at points in the transaction process that are beyond the merchant's control.
For merchants who accept Discover cards, the ProtectBuy service can be an effective way to block fraudulent transactions before they can be completed. What is Discover ProtectBuy, and how can it help merchants avoid fraud and chargebacks?
The Discover card may not be as widely used as Visa or Mastercard, but the chargeback laws outlined in the Fair Credit Billing Act are equally applicable to every card brand. If you accept Discover, you can expect to receive Discover chargebacks, and the proprietary anti-fraud solutions offered by Visa, Mastercard, and their third-party vendors will be of no help there.
Fraudsters are always on the lookout for weak points in an otherwise secure system, so leaving a particular card brand less defended can make you vulnerable to targeted attacks from savvy cybercriminals.
Discover ProtectBuy is Discover's implementation of the 3D Secure service, which detects and blocks fraud attempts while the customer is attempting to complete their transaction. By making use of ProtectBuy, merchants can increase their anti-fraud coverage and prevent unauthorized transactions that would otherwise lead to costly and damaging chargebacks.
What is Discover ProtectBuy?
ProtectBuy is a service that is designed to prevent credit card fraud. It’s based on 3D Secure technology, a security protocol adopted by all of the major card networks. Any merchant who accepts Discover can choose to enroll in the service and start taking advantage of the protection it affords.
Here’s what happens when a customer places a Discover card transaction while ProtectBuy is active:
Once the cardholder provides their payment information, their data is sent to ProtectBuy for immediate, real-time analysis. ProtectBuy will evaluate the customer’s location, device, purchasing patterns, and other contextual data to make a determination as to whether or not the transaction is likely to be fraudulent.
If nothing looks suspicious, ProtectBuy will instantly approve the transaction and the customer will proceed to the order confirmation page with no delay or interruption to their checkout experience.
If ProtectBuy’s fraud detection algorithm thinks something isn’t right, the customer will be sent an email or text message that contains a temporary identification code. They can then complete the transaction by entering the code in a ProtectBuy pop-up window. This does cause a small amount of checkout friction, but only a small percentage of legitimate transactions will trigger this process.
The vast majority of online credit card fraud involves payment card credentials that have been stolen in data breaches and traded in bulk on the dark web.
Fraudsters know that credit card fraud is a numbers game, and they might have to cycle through dozens of different card numbers before finding one that hasn’t already been reported stolen. They almost never have access to any specific victim’s email address or personal devices, so ProtectBuy will stop them in their tracks when it asks them to enter a code that has been sent to the contact channels the cardholder has on file with Discover.
What is 3D Secure Technology?
ProtectBuy is Discover’s version of 3D (Three Domain) Secure technology, a protocol developed to provide additional security for online credit card transactions. Every card network offers it—whether you know it as Verified by Visa, Mastercard SecureCode, or American Express SafeKey, it’s all 3D Secure under the hood.
The three domains in 3D Secure refer to the merchant and their acquirer, the issuing bank, and the system of interoperability that allows them to negotiate transactions. The protocol requires the merchant to use a software plug-in that allows for communication with the issuer (in ProtectBuy’s case, this will be Discover Bank) during the transaction process.
The merchant sends the customer data to the issuer through secure channels, the issuer authenticates the customer via the transaction code, and provides a response telling the merchant whether or not to proceed with the transaction.
The original version of 3D Secure used static passwords instead of the one-time transaction codes introduced in version 2.0. The newer version also offers frictionless technology, which allows issuers to assess fraud risk through customer data analysis and require transaction codes only from customers who are deemed to be high risk.
This version of 3D Secure meets the standard for strong customer authentication required by law in some markets, such as the EU, and can greatly reduce fraudulent transactions and authorization-related chargebacks.
Are There Any Downsides to Discover ProtectBuy and 3D Secure Technology?
The only notable downside to 3D Secure implementations like ProtectBuy is that they can cause some unwanted checkout friction. Customers unfamiliar with 3D Secure may become confused or impatient when the ProtectBuy window pops up and abandon their cart. However, since ProtectBuy takes advantage of 3D Secure 2.0’s frictionless technology, most customers won’t even realize that the merchant is using it.
Merchants do need to keep in mind that ProtectBuy and services like it cannot prevent all types of fraud.
Account takeover, friendly fraud, and other attacks that do not rely on the use of stolen card credentials can’t be stopped with ProtectBuy. It’s also possible for sophisticated fraudsters to spoof cardholder identities and evade detection, so it’s always important to use multiple anti-fraud tools that work for you and not be reliant on any one single method.
ProtectBuy and other services based on 3D Secure can be powerful resources in a merchant’s fight against fraud and chargebacks. Backed by the card networks and implemented by the issuer, these services will easily thwart the average credit card thief and prevent the true fraud chargebacks that inevitably result when unauthorized purchases are made.
Just remember that while it’s essential to have defenses that proactively eliminate the threat of true fraud, these only represent a portion of the chargebacks merchants typically receive—many chargebacks are caused by friendly fraud or by preventable errors. To mount a truly effective defense, you need to determine the root causes of your chargebacks and develop ways to address every different type.