Asaf Yacobi Sep 29, 2020 8 min read

Revelock increases the accuracy of 3D Secure online fraud detection

With Revelock’s unique behavioral biometric customer identification capabilities, risky transactions can be rapidly and safely approved or denied, minimizing chargebacks while not getting in the way of legitimate transactions.

What is 3D Secure – and why isn’t it secure enough as it is?

3D (Three-Domain) Secure, is a payer authentication system designed to minimize online credit and debit card transaction fraud when making Card-Not-Present (CNP) transactions, engineered by Visa (‘Verified by Visa’) and MasterCard (‘MasterCard SecureCode’.)

Although 3D Secure is fundamentally a three-step process, requiring three parties to complete a transaction – the issuer, the acquirer and the interoperability domain – a fourth step is often employed to aid in the online fraud detection process and further analyze the users behind suspect transactions.

When using a 3D Secure-enrolled credit or debit card, the user enters card information into a payment form, the card issuer verifies their customer ID using any number of identifiers to determine the level of risk and either accepts or denies a transaction.

There is a third case, however, when the risk is ‘undetermined’ – for example a valid customer using a new device to make an online purchase the payment processor doesn’t recognize.


Declining all questionable transactions is bad for business, while approving them without additional checks creates chargeback risks for card issuers. Traditionally, when the card issuer opts to carry out a further check, it pushes a verification page to the customer’s web browser to notify them that a one-time password will be sent to their registered mobile device to verify their identity.

But with one-time passwords the prime target for SIM swappers and other user manipulation techniques, this method is far from failproof. While the 3D Secure system is compliant with the EU’s Strong Customer Authentication regulation, it can be further improved to benefit card issuers, merchants and customers alike.

This is where buguroo steps in.


Behavioral biometric analysis makes 3D Secure failproof

When Revelock’s behavioral biometric solution is added into the verification step of the 3D secure process, it enables card issuers to accept legitimate transactions initially deemed too risky with utmost certainty, thereby limiting chargeback liability and not losing the sale for the eCommerce business or the transaction processing fee. It does so without burdening the customer, compromising banking customer loyalty or adding friction to their transaction or online banking experience.

Uniquely, Revelock’s 3D Secure offering – which is part of buguro’s customer identification and anti-fraud solution – focuses on behavioral biometric analysis technology, specifically, keystroke analysis, to boost online banking fraud detection.


Should a user need to verify their identity as part of the 3D Secure process, the card issuer will require them to enter a one-time password as well as a short string of characters – such as their email address – into the verification page.

At this point, buguroo analyzes the keystrokes entries to determine if it matches the cyber profile, or ‘bionic ID’, of a legitimate customer or a known fraudster. Since buguroo builds a complex ‘cyber DNA’ for each user – including fraudsters – it can compare all collected data against known good and fraudulent users to deliver an additional transaction risk determination to the card issuer.


How Revelock keeps frictionless banking customer experiences at the heart of 3D Secure verification

Efforts to supplement the risky transaction verification step of the 3D Secure process that are already available fall short of buguroo’s customer authentication capabilities and customer experience promise.

Solutions that aim to verify customer identities beyond device, network and account linkage are either ineffective at generating or analyzing enough additional signals to accurately identify a customer, or are not fast enough to ensure an acceptable customer experience level.

Revelock’s stand-alone industry solution is a pioneering and customer-friendly way to remove unnecessary roadblocks from the 3D Secure verification process.

Revelock’s 3D Secure verification delivers fast, accurate and transparent customer identification at the point of additional authentication via advanced fraud detection and behavioral biometric data analysis. When integrated into a 3D Secure system, it analyses keystroke dynamics looking for anomalies and any associations with known users or fraudsters.


Its anonymized user data technology ensures compliance with cybersecurity industry data protection standards such as the European Union’s Strong Customer Authentication laws, PSD2 and GDPR.

Read our full announcement here – or get in touch with your questions and learn how we can make 3D Secure a customer-friendly and fraud-free experience for your customers!


Asaf Yacobi

Asaf is Solutions Architects Director at Revelock. He has over a decade’s experience working with market-leading financial crime prevention vendors. His wealth of industry knowledge stems predominantly from his most recent position with IBM Trusteer, where he served as Regional Presales Manager EMEA, as well as his work with NICE Actimize, where he worked across roles including technical implementation leadership, business development, and system engineering across APAC and EMEA.