Main content

Home

Menu

Loading wiki pages...

View
Wiki Version:
**Background.** 3-D Secure 2.0 (3DS 2.0) is an identity federation protocol authenticating the payment initiator for credit card transactions on the Web. **Aim.** We aim to quantify the impact of factors used by 3DS 2.0 in its fraud-detection decision making process. **Method.** We ran credit card transactions with two Web sites systematically manipulating the nominal IVs **machine_data**, **value**, **region**, and **website**. We measured whether the user was **challenged** with an authentication, whether the transaction was **declined**, and whether the card was **blocked** as nominal DVs. **Results.** While **website** and **card** largely did not show a significant impact on any outcome, **machine_data**, **value** and **region** did. A change in **machine_data**, **region** or **value** made it 5-7 times as likely to be challenged with password authentication. However, even in a foreign region with another factor being changed, the overall likelihood of being challenged only reached 60%. When in the card's home region, a transaction will be rarely declined (< 5% in control, 40% with one factor changed). However, in a region foreign to the card the system will more likely decline transactions anyway (about 60%) and any change in **machine_data** or **value** will lead to a near-certain declined transaction. The **region** was the only significant predictor for a card being blocked (OR=3). **Conclusions.** We found that the decisions to challenge the user with a password authentication, to decline a transaction and to block a card are governed by different weightings. 3DS 2.0 is most likely to decline transactions, especially in a foreign region. It is less likely to challenge users with password authentication, even if **machine_data** or **value** are changed. **Acknowledgement.** This work was supported by the ERC Starting Grant Confidentiality-Preserving Security Assurance (CASCAde, GA no 716980).
OSF does not support the use of Internet Explorer. For optimal performance, please switch to another browser.
Accept
This website relies on cookies to help provide a better user experience. By clicking Accept or continuing to use the site, you agree. For more information, see our Privacy Policy and information on cookie use.
Accept
×

Start managing your projects on the OSF today.

Free and easy to use, the Open Science Framework supports the entire research lifecycle: planning, execution, reporting, archiving, and discovery.