Frictionless vs. Challenge: Understanding the Two Sides of 3DS Authentication

If you're evaluating 3D Secure for your business, you've probably heard the terms "frictionless" and "challenge." Understanding the difference between these two authentication flows is essential because it directly impacts your conversion rates, customer experience, and fraud protection.

The Frictionless Flow

In a frictionless transaction, the cardholder's bank reviews the risk data and approves the transaction without any additional action from the customer. The entire authentication happens behind the scenes in milliseconds. The customer clicks "buy," and the order goes through — no pop-ups, no codes, no extra steps.

This is possible because EMV 3DS sends 150+ data points to the issuing bank: device fingerprint, browser details, IP geolocation, transaction history, behavioral signals, and more. When the issuer's risk engine determines the transaction is low-risk based on this rich data, it approves it frictionlessly.

Under well-optimized implementations, up to 85% of transactions can be approved frictionlessly (Source: Market.us, 2024). The global average is around 64% across 37 countries, with some issuers routing 100% of their 3DS transactions through frictionless flow (Source: Ravelin, 2024; Stripe, 2024).

The Challenge Flow

When the issuer's risk analysis flags a transaction as higher-risk, it triggers a "challenge" — the customer must complete an additional verification step. This typically involves:

A one-time passcode (OTP) sent via SMS or email
Biometric verification (fingerprint or face recognition) on their banking app
Answering a security question from their bank

Interestingly, 68% of 3DS transactions are now verified through biometric methods like fingerprint and facial recognition, up from 25% five years ago (Source: Future Market Insights, 2025). This makes the challenge experience significantly smoother than the old password-based 3DS 1.0.

Why the Split Matters

The frictionless-to-challenge ratio directly affects your bottom line:

Conversion Impact

Under the old 3DS 1.0, 15-25% of customers abandoned during the authentication step. With modern 3DS 2.0, frictionless transactions see abandonment rates as low as 2-5% (Source: 2Accept). Visa reports that 3DS2 delivers 70% less cart abandonment and 85% faster checkout times compared to 3DS1.

Both Flows Provide Liability Shift

This is the key point many merchants miss: both frictionless and challenged transactions receive liability shift. Whether the customer sails through without friction or completes a verification step, the fraud liability moves from you to the card issuer. That protection covers fraud-related chargebacks, which represent more than 70% of all ecommerce disputed transactions (Source: GPayments).

How to Maximize Your Frictionless Rate

The quality and quantity of data you send to the issuer is the single biggest factor in your frictionless rate. Visa's data field mandate shows that providing required data fields yields a +57% frictionless rate lift (Source: Visa, 2024). Here's what matters most:

Send complete data: The more data points you provide, the more confidence the issuer has to approve frictionlessly
Choose the right 3DS provider: Your provider should maximize the data collected from each transaction
Monitor and optimize: Track your frictionless rate by card brand and issuer to identify optimization opportunities

PAAY collects 150+ data points per transaction — device intelligence, transaction context, and behavioral signals — to give issuers the richest possible picture for their risk decisions. to see both flows in action.