With card-not-present transactions, merchants are exposed to the risk of accepting fraudulent transactions. Within the credit card realm, a transaction is considered as fraudulent if the transactions are not conducted by the rightful owner of the credit cards, or cardholder does not authorize the transactions. When a fraudulent transaction happens, Chargebacks and Disputes follows - which typically when a merchant loses a chargeback or dispute case, merchants are obligated to return the sum of transaction amount back to the cardholder, regardless whether the products have been shipped or not.
One of the security measures that we give to our merchants are 3DSecure protections, in which when a merchant activates this feature, as long as the dispute resolution conditions are met (in terms of documents fulfillment), merchants will be protected from the liabilities above. Then, why would merchants require an additional screening from Fraud Detection System when 3DSecure are sufficient enough to protect them from dispute charges? Not to mention, 3DSecure enforce all customers to input a password first to authorize a transaction, shouldn’t it be safe enough?
The answer is that Banks and Principals actually do track each merchants’ ratio of fraud. Banks and Principals might consider excessive frauds occurring in a merchant as a signal that the merchant might be negligent in screening their transactions, or even abusing the 3DSecure protections. Hence, merchants with a high fraud ratio might cause the merchants to be put under Principal’s and Banks’s monitoring program, or even various forms of penalties.
3DSecure does not guarantee that a transaction might be 100% genuine as there are various discrepancies in implementation across banks and countries, and also exploitable loopholes such as social engineering schemes, lower level of security authentication process (such as the use of static password for authorization code instead of one time password), and many other possibilities. Fraud Detection system however, purely evaluates a transaction based on various conditions, such as the transaction behaviour norms in an industry, the recent fraud trends, existing fraud database associated with the currently active online crime rings, and many others.
With all the considerations above, we do not consider each of the measures as a substitute of each other. Instead, both Fraud Detection System and 3DSecure are employed in tandem to create a strong fraud filtering mechanism for all transactions that are processed by Midtrans.