Designing and Redesigning Your Payment Processing Strategy

Operating a successful business that accepts payments requires you to constantly have your head on a swivel, keeping an eye on a nearly endless number of variables. What customers are you marketing to and in which markets? What payment methods do you accept? What card brands? How many processors are you using? Do you need to set up a local processor to accept more local payment methods? How do you fight fraud or deal with chargebacks? How do you manage foreign exchange? Not only do you have to make these decisions at the start, but you have to regularly monitor your payments data to make sure you’re hitting your goals and identifying opportunities or issues that might require you to make some changes.

This can seem daunting, but you’re far from alone in harboring that sentiment; and thanks to Pagos, you never have to approach such a task unarmed or unsure ever again. 

In today’s blog, we’ll explore exactly how this process of decisioning, operating, and reassessing can play out in your payments stack, using a merchant’s real experience to set the stage. One of our customers recently used their payments data—aggregated, harmonized, and presented back to them by Pagos—to monitor and ultimately redesign their 3D Secure strategy in the United States. Even if your business doesn’t employ 3DS, you can use the approach outlined in this post to keep any aspect of your payment processing operations running smoothly in the most advantageous way possible for your bottom line.

Step 1: Making an Initial Plan

Before you can start using Pagos to find opportunities in your payments data for cost savings or revenue generation, you have to make some initial processing decisions. In this particular use case, the merchant in question had to decide how they wanted to implement and use 3D Secure technology. 3D Secure, or 3DS, is a customer authentication solution used to prevent fraud during card-not-present transactions. It adds an additional step to the checkout process, asking customers to provide a password, SMS code, or PIN to prove their authenticity before continuing with the transaction. 3DS is required in the European Union and other countries, but can be implemented in any market as a fraud-fighting tool. (If you’re interested in learning more, check out our 3D Secure guide in our Pagos Product Documentation.)

Thinking they wanted to do everything possible to fight fraud and keep chargeback volume low, the merchant decided to require 3DS checks on all transactions processed in the United States. 3DS isn’t mandated in the US, so they did this fully of their own volition. They knew the potential existed for the 3DS checks to cause just enough checkout friction to stop some customers from finishing their purchase, but they wanted to try. With a plan to review the data after 12 weeks, they adjusted their checkout process to require 3DS on all transactions made by customers located within the United States.

Step 2: Reviewing the Data

At the end of the 12 weeks, the merchant looked in two places for data: their own website traffic and their aggregated payments data in Pagos. To guide their analysis, they specifically sought data to answer whether or not the risk of requiring 3DS checks in the US (i.e. lost transaction volume) was worth the reward (i.e. decreased fraud attempts and the associated costs).

Looking at their website traffic through the checkout process, they could identify how many US-based customers dropped out of the flow when asked to authenticate with 3D Secure. To replicate this, you’d look at how many customers entered their payment card details, landed on the 3DS authentication page, and then left your site without continuing. Multiplying this number by your overall approval rate and average order value in the US (values you can see in your Pagos-harmonized data), you can estimate how much revenue the requirement for 3DS may have cost your business:

Customers who abandoned the checkout funnel (#)  x Approval Rate (%) x Average Order Value($)

We don't have access to the website data for the merchant in our example, so we can’t give exact numbers, but anecdotal evidence confirms the “risk” here was high enough that they sought a high “reward” (lower fraud) to make this continued practice worthwhile.

To determine the real value added from requiring 3DS checks from US customers, the merchant came to Pagos. Through our data aggregation and visualization platform, they were able to view all their payments data from each processor together in organized dashboards. One such dashboard is dedicated entirely to 3D Secure data, showcasing approval rates, decline code breakdowns, and more—all for only those transactions that underwent 3DS authorization. Filtering this dashboard to only show data for transactions made by customers in the US in the 12 week period (January 1 - March 24, 2024), they drew some immediate conclusions.

One of the major reasons the merchant chose to require 3DS on all US-based transactions was to cut down on attempted fraud as much as possible. In reviewing the breakdown of their declined 3DS transactions by the assigned decline code, however, we see a share of declines every week with the processor_risk_rule and decline_merchant_rule responses:

(Note: The pie chart is an overlay, added to this Peacock chart to help readers better visualize the decline code breakdown for one week in the test period. This pie chart doesn't appear in the 3D Secure dashboard.)

These declined processor_risk_rule and decline_merchant_rule transactions passed 3DS authorization, but were still declined by processor risk rules or the merchant's own defined fraud rules. In other words, passing 3DS doesn’t ensure the customer is a non-fraudulent party. Even more, the 3DS Approval Rate chart in the same dashboard demonstrated a low approval rate (~40%) for all 3DS-authorized transactions in the US across the test period, which is significantly lower than their approval rate in other countries:

Ultimately, they realized they were paying to perform 3D Secure checks and paying to process authenticated transactions that ultimately then often failed and resulted in no incoming revenue. This wasn’t sustainable.

Side Note: Depending on your Merchant Category Code (MCC), requiring transactions to pass 3DS checks can also result in a liability shift for any resulting fraudulent transactions from you onto the card issuer. Such liability shift lowers the overall cost of payment acceptance and can be another driving force behind a merchant’s decision to utilize 3DS. In this particular example, the merchant’s MCC wasn’t eligible for such a shift, so we didn’t include such cost savings in the analysis described above. 

Step 3: Making a New Plan

In this instance, the response was easy: stop or reduce requirements around performing 3DS authentications on transactions from customers based in the United States. The data didn’t support continuing this practice and the business was more than happy to reassess. Easy enough.

As you can imagine, it’s not always that cut and dry. You may find that a certain strategy works with one of your payment processors, but not with another. The same could be true of different payment methods or customer segments, as well as for you vs. other merchants. Fortunately, Pagos allows you to filter your payments data by any of those variables and so many more, meaning you can dig as deep as necessary in your analysis to draw a conclusion. Using our new Metrics page, we can even guide you to find the segments of your payments data that might carry the biggest opportunities (learn more in our previous blog post on Metrics).

Because of these complexities, you might not immediately know exactly what to do when making a new plan. That’s where we recommend A/B testing! In a series we recently published on payments optimization, we cited A/B testing as one of the 5 pillars of a successful payments optimization strategy. Because of the complexities of payments, it behooves your business to test something new on a segment of your incoming traffic and review the results in turn. In this example, the merchant may decide to require 3DS authentication on only a portion of their US-based traffic and then run the cost-benefit analysis again down the line, comparing the data across each segment to determine if removing 3DS requirements really is the right call.

Step 4: Repeat

In the ever-evolving landscape of payment processing, staying agile and proactive is essential. The cycle of designing a strategy, reviewing data, and making necessary adjustments is not a one-time task but a continuous process that must be repeated throughout the life of your business. Payment methods, customer preferences, and regulatory requirements are constantly changing, making it crucial to stay vigilant and adaptable. By consistently analyzing and monitoring your data and refining your approach, you can ensure that your payment processing remains optimized, secure, and efficient. Keep your head on a swivel, and remember that with tools like Pagos, you are equipped to navigate the complexities and maintain a dynamic strategy that evolves with your business needs.