Identity verification at online checkout is more widespread in North America than a year ago, but retailers in the region have not caught up to competitors in other parts of the world.

A growing number of retailers are authenticating shoppers’ identities when they make online purchases, a new study finds, but the percentage of merchants that do business only in North America that have adopted this extra checkout step still lags behind that of the group’s global counterparts.

More than a third—or 36%—of merchants that do business only in North America now use consumer authentication programs such as Verified by Visa and MasterCard SecureCode, which is up from 29% of the same subset that did so a year ago, according to new data released by CardinalCommerce and The Fraud Practice Inc. The Visa, MasterCard and other similar programs are based on the 3-D Secure protocol, a fraud prevention method that has cardholders tie their credit cards to an online password they must enter at checkout.

Worldwide usage of such authentication tools is at 41%, a rate that remained flat from the year before, but there are notable regional differences. Retailers that do business in one or more regions of the world but not in North America are more than twice as likely as those that do business only in North America to use this antifraud technology, with 80% versus 36% of retailers, respectively, using such programs, the report says.

The annual survey, titled “Use of Consumer Authentication in E-Commerce,” was conducted in October and November and included hundreds of global merchants, fraud and e-commerce vendors, payment providers, credit card issuers and card associations. The study was sponsored by CardinalCommerce, a provider of technology designed to authenticate the identities of online buyers that was recently was acquired by Visa, and The Fraud Practice, which offers consulting services, training and research on e-commerce payments and fraud prevention.

The premise behind authentication is to allow the merchant and the bank to ensure that a shopper is who she says she is. Mandates from regulatory organizations and governments abroad have driven widespread international adoption of consumer authentication. While the United States has lagged, it is starting to catch up, says Tara Lavelle, CardinalCommerce’s vice president of marketing.


Online retailers frequently collect personal data on customers who create accounts on their sites or make purchases. Financial institutions that issue credit and debit cards have even deeper knowledge of consumers’ spending habits, IP address and device usage, plus a multitude of other details. Cardinal’s payments services marry those data sets so that e-retailers and banks can process transactions with more confidence that purchases are legitimate.

When purchases are made online, they are classified as “card-not-present” transactions. Unlike in-store purchases, where the physical card is presented and the card-issuing bank absorbs the cost of fraud if it approves the purchase, liability for online fraud falls on the retailer. If online merchants opt to add 3-D Secure consumer authentication tools to their checkout process, they can shift the liability for fraud back to the bank under rules set by Visa and MasterCard.

But many online retailers have chosen not to ask consumers to enter a password for fear the added step would lead shoppers to abandon their purchases. CardinalCommerce has sought to gauge merchant sentiment on the matter and asked retailer survey respondents why they don’t use consumer authentication.


In survey results for the prior three years, concern that the technology hurt conversion rates was cited as the primary reason retailers declined to add a 3-D Secure-based authentication tool, the report says. But that’s changing. In this most recent survey, most merchants said the volume of online fraud attempts was too low to warrant the use of an additional step, with 17% of respondents citing this rationale. The No. 2 reason, at 15%, was concern about the impact consumer authentication might have on the user experience, and the third most common reason for skipping identify verification steps during online checkout, at 13%, was a perceived effect on sales.

The share of retailers who reported a negative impact on user experience from implementing consumer authentication fell to 25% from 38% in 2014, when the first survey was conducted, according to the report. The survey also finds that more than half of merchants not utilizing consumer authentication are “somewhat likely” or “very likely” to implement the services in 2017.

The consumer authentication report also finds:

  • 53% of merchants said consumer authentication is “highly valuable.”
  • 78% of e-commerce and fraud vendors now support mobile apps, up 12% from last year—a signal of recent growth in mobile commerce—and 70% now can handle purchases made on mobile websites.
  • 73% of e-commerce and fraud vendors actively sell consumer authentication services, up from 70% in 2015 and 55% in 2014.
  • Retailers in industries that typically are targets for fraud tend to require consumer authentication more often. Gaming came in at 67%, while 50% of merchants in auto parts and accessories, precious metals, health/beauty and jewelry said they use the technology.
  • Regional consumer authentication usage breaks down as follows: 57% of merchants in Africa, 50% in Eastern Europe, 50% in the Middle East, 49% in the European Union, 48% in South America, 39% in Asia Pacific and 36% in North America.