Risk Based Authentication (RBA)

Risk Based Authentication (RBA) – How RBA helps you reduce your cart abandonment rate.

A cart abandonment rate is one of the biggest challenges of e-commerce.  Every year e-commerce brands record losses estimated at US$18 billion with cart abandonment.1*  Latin America, including countries in South and Central America, have a 75.3% cart abandonment rate.2* One of the most significant reasons for these abandonments is the friction perceived by the user during their act of purchase.  Technology providers are working to reduce this friction by implementing Risk Based Authentication (RBA) algorithms in their solutions so that users (cardholders) are automatically authenticated, thus providing security for the entire electronic payments ecosystem.

1* CreditDonkey, Dynamic Yield.

2* CreditDonkey, 2022.

What is Risk Based Authentication (RBA)?

Risk Based Authentication, also known by the acronym of its initials RBA, is not an exclusive term for authentication in electronic transactions, but its application makes perfect sense for this purpose. This is a general term used to identify any authentication process that has its validation rules linked to a risk analysis based on the data provided for this purpose.

Bringing this concept to the universe of electronic transactions, the application of RBA happens in conjunction with a 3DS Access Control Server (ACS), recommending or taking actions based on the data obtained by the 3DS Methods protocol.  This is supported by an EMVCo, referring to the 2 possible flows of customer authentication (cardholder) in an electronic transaction:

  • Authentication without challenge: Risk analysis identifies low risk and recommends authentication without the cardholder needing to interact with the ACS.
  • Authentication with challenge: the risk analysis identifies a medium or high risk and recommends an authentication in which the cardholder needs to interact with ACS, for example, enter a password sent by SMS.


How Does It Work?

In this application of the RBA being applied integrated to the ACS, the result of the risk analysis returns one of the two recommendations already mentioned above based on some of the following transaction information extracted from the 3DS protocol authentication request message:

  • Customer Data
  • Card Information
  • Purchase Information
  • Store Information

All this information is sensitive and therefore services related to financial transactions are developed and operated according to the strictest standards, as well as information security and are governed by governance instruments with annual audits of bodies such as Payment Card Industry (PCI), EMVCo and the brands themselves.


Unchallenged Flow

Risk Based Authentication (RBA)

  1. When the customer confirms Checkout, the purchase and customer data passes through the 3DS protocol domains and is processed as an authentication request message until it reaches the Issuing Bank’s Access Control Server (ACS).
  2. The ACS consults the risk analysis service that processes the authentication request information.
  3. The risk analysis service validates the data by not finding inconsistencies in the transaction authentication request message against the defined rules/parameters, then informs the ACS that the transaction can be authenticated without customer interaction.
  4. ACS authenticates the transaction and then the payment follows the normal authorization flow.


Risk Based Authentication (RBA)


  1. Same flow process without challenge.
  2. Same flow process without challenge
  3. The risk analysis service finds some inconsistency in the data of the transaction authentication request message in relation to the defined rules/parameters, then informs the ACS that the transaction will be authenticated after successful customer interaction.
  4. The ACS presents the challenge screen, where the customer must enter the password received by SMS, email or other method of sending.
  5. After successful validation of the password, the payment follows the normal flow of authorization.



One of the main challenges in an electronic transaction is the conversion rate, which is the rate related to the customer (card owner) who visits the page and even adds the item to the cart, but does not complete the purchase. And one of the biggest offenders for this practice is the friction at checkout, where the customer ends up giving up the purchase by having to perform additional authentication or verification steps.   By integrating RBA into the ACS solution, the authentication process gains an important automation to assist the Issuing Bank in its decision making to challenge or not a transaction based on customer information, purchase information, behavioral aspects, device information used, and other data obtained from the 3DS protocol. Thus, for consumers who usually follow patterns in their e-commerce purchasing activities, RBA will tend to suggest the flow without challenge, thus decreasing friction in the authentication process safely for all participants in the process.


HST – Risk Based Authentication (RBA): more security for electronic transactions

Risk Analyzer is HST’s Risk-Based Authentication solution, operating in conjunction with HST-ACS 2.0 brings card-issuing banks more security and agility in the decision-making process regarding transaction authentication.

Want to know more about our solutions? Get in touch with our sales team!

Click2Pay – Solution to simplify and increase security in online commerce

With the constant growth of e-commerce in Latin America, the need arose to make the online shopping experience faster, easier and safer for everyone involved. Thus, the Click2Pay solution was born, which brings together card tokenization and 3DS technologies.


With high cart abandonment rates and low approval rates, many transactions are lost and higher levels of fraud occur than in gift card transactions, so Click to Pay stands out as an efficient solution

Learn more about the solution!


How does Click2Pay work?


Click2Pay is an electronic payment solution developed by major credit card companies (Visa, Mastercard and American Express). The solution offers a safe, fast and convenient alternative for consumers who want to shop online. With this solution, consumers can pay for their purchases on e-commerce websites, apps, and other locations that accept electronic payments.


The Click2Pay solution works simply and effectively. 


Consumers need to register their credit cards in the solution. Once registered, consumers can make purchases on e-commerce sites that accept the Click to Pay solution.


  1. On the checkout screen of the merchant’s website, the customer selects the “Click to Pay” option as a payment method.
  2. Subsequently, the customer is redirected to the Click to Pay login page, being successfully authenticated, it is possible to select a card, pre-registered on the platform, whether the credit or debit option, to be used to proceed with the purchase.
  3. Next, the customer confirms their details and the card on the confirmation page.
  4. Then, the customer returns to the merchant’s website on the payment confirmation page with the card selected via Click To Pay.
  5. Ready, purchase completed, without the customer’s card details being entered on the merchant’s website. The processing of this purchase will be carried out using the normal payment authorization flow.


Click to Pay seeks to provide a physical-like ecommerce or mobile payment experience using tokenization and 3D-Secure technology.



Key Benefits of Click2Pay:



With this solution, consumers’ payment information is encrypted and stored on secure servers. This way, customer information is not shared with merchants, reducing the risk of fraud and identity theft.



Consumers don’t need to remember multiple different usernames and passwords for each online shopping site. In addition, the solution is compatible with several devices: computers, smartphones and tablets.


Frictionless transactions

Frictionless online shopping experience. Customers do not need to repeatedly enter their card, billing, and shipping information.


Reducing costs

It saves resources and costs, certification is not necessary for each brand, with more agility.


Click2Pay features

The Click to Pay solution has several features that make the online shopping experience easier and safer:

  • Secure storage of payment information
  • Strong customer authentication
  • Compatibility with mobile devices
  • Integration with multiple online merchants
  • Support for multiple credit cards
  • Single point of integration with Brand SRC systems in the function of SRC Initiator
  • Integration with purchasers for check-out
  • Compatibility with mobile devices and web browsers
  • Single point integration via API or web SDK interfaces
  • PCI-DSS Certified SaaS Solution


HST – More security for electronic transactions

The HST Click to Pay solution provides APIs for merchants and acquirers making it easy to integrate e-commerce sites with the Click to Pay solution. With a single click, consumers can pay for their purchases on e-commerce websites, apps, and other locations that accept electronic payments. 

Want to know more about our solutions? Download Click to Pay material below, or contact our sales team!



EMV 3D-Secure: a more secure, rapid and better e-commerce user experience

EMV 3D-Secure is an international security protocol to make e-commerce a better and safer experience for the consumer. So let’s get a better understanding about EMV 3D-Secure and what its main benefits are!

The global pandemic and risk of in-person transactions caused e-commerce sales to grow worldwide. According to a survey by Neotrust, in 2020 more than 10 million Latin American customers made their first digital purchase. In Brazil, e-commerce experienced 57.4% growth in the first quarter of 2021 compared to the same period the prior year. With the growth of e-commerce, the need to offer a more secure, better experience for online shopping also emerged.

What is EMV 3D-Secure?

3D-Secure is a security protocol used by the main card brands created by the global technical staff EMVCo (Europay, MasterCard and Visa). The term “3D” refers to the three domains that communicate during a transaction: card issuer, merchant, and cardholder. Exchanging data between these three players can increase authorization approval rates, reduce fraud and provide a better shopping experience for the cardholder.

White Label Digital Wallets – What is it and what are the main benefits?

EMV 3D 2.2.0 – What’s the difference versus prior versions?

In 2001, the 3D-Secure 1.0 protocol was implemented to provide better authentication for cardholders who make purchases over the internet. In 2016, the protocol was revised and 3D-Secure 2.0 emerged with the goal of providing a better user experience. The version introduced risk-based authentication, removing much of the friction that existed in the previous versions. Also, version 2.0 can support all types of mobile devices, not just desktop browsers. In 2018, the protocol moved to version 3DS 2.2.0 to offer even more features: Decoupled Authentication: allows the cardholder to be authenticated even if he is not interacting directly with the commercial establishment, for example, in the automatic renewal of subscriptions. Allowable List: allows the merchant to be included in a database so that, when the cardholder returns to the merchant, this is recognized in the risk analysis.

What are the main benefits of EMV 3D-Secure?

Overall, the EMV 3D-Secure protocol offers significant benefits: – increased e-commerce security; – increase in authorization fees; – reduction of card not present fraud (CNP); – reduced friction in the customer’s checkout experience; – available for different digital platforms and channels; – protects merchants from exposure to fraud-related chargebacks.

Key benefits for card issuers: – risk-based authentication: more and better data involved in the decision-making process, generating less fraud in Card Not Present transactions; – more approved transactions; – increased consumer confidence.

Key benefits for merchants: – reduce purchase abandonment; – frictionless checkout; – reduced false declines.

Key benefits for customers: – Improved user experience/checkout; – easier authentication; – more confidence in every transaction.

To learn more about our EMV 3D-Secure solution:
e-commerce security



White Label Digital Wallets – What is it and what are the main benefits?

What are digital wallets and digital wallet white label?

A digital wallet is an electronic service that allows you to pay for goods and services through mobile devices, such as cellphones and wearables.  Payment details are stored in the wallet as a token.  In addition to paying for items in a contactless, more secure manner, digital wallets also allow you to store sensitive information; items such as cards and gift cards can be securely stored in a digital wallet.    


The difference between OEM wallet and white label wallet

  • OEM wallet – OEM Original Equipment Manufacturer.

These wallets are the mobile payment applications developed and offered by the device manufacturer, such as Samsung Pay, Google Pay and Apple Pay. This allows users to add cards from multiple issuers to the wallet application.  This app is not customizable.

  • White Label Wallet – these solutions enable financial institutions and issuers to customize their own branded wallet with the “look and feel” that their customers are used to seeing.  They have the same functionalities of OEM wallets such as payment capabilities and storage capacity.  White label wallets tend to be device agnostic, viable for both Android and iOS devices.  An additional benefit for the issuers and financial institution  white label wallets are the ability to strengthen your relationship with clients and provide payments solutions to everyday problems.


Digital wallets can store credit and debit card information a allowing payments directly from the card.  Other functionalities that digital wallets offer are: Peer-to-Peer (P2P) payments, online payments, hold funds, store ID cards, storage for transit tickets such as trains, buses or boarding passes and security.  All wallets have security features and technology that protect sensitive data and keep it safe.


How do digital wallets work?

Digital wallets can be downloaded through a digital wallet app provided by your bank, onto your smartphone.  Once you have the app downloaded, you typically enter the credit or debit card info into the wallet.  The wallet will automatically contact the issuing card network and get a token.  The token will stand in place of your card number so that your data will be secure and the token will be saved on your device.  


When paying at a store with your mobile device, digital wallets will use the NFC chip stored in it.  By hovering over the POS terminal, the payment app is activated and payment can be made quickly, easily and without any contact.  Other payment methods can include QR or bar codes to send payment information.  


Benefits of using digital wallets

Digital wallet usage was increasing before the pandemic but now, usage has skyrocketed all over the globe due to the contactless convenience.  If you need to make a purchase in a store, payment can be made without touching a credit card terminal.

Payment Security

credit card fraud is a lingering concern and data security is a major concern.  Digital wallets have multiple layers of security to keep your data secure and protected, these include:

  1. Passcode to access the wallet;
  2. Encrypted transmission to transmit data from your phone to the server;
  3. Tokenization technology replaces your real credit/debit card number with a token stored on your phone.  If a token is stolen, the credit card issuer simply reissues another token and disables the stolen token.
  • Contactless Convenience –

    no touch payments are possible with a digital wallet as well as faster checkout, with just a few taps.  A big, bulky wallet is no longer necessary to run to the store and receipts can be stored on the app to help you stay organized.


HST Pay – Complete payment platform

HST Pay is a comprehensive payment platform which offers a mobile wallet for brands and/or private label. It includes all application modules related to tokenization. We are a certified Visa Token Service Provider (TSP). The solution allows for easy management of: users, cards, tokens and reports for wallets and cards.

Card Tokenization – know the main benefits

See the benefits of HST Pay:

  • Options for regular and quick pay;
  • Customizable to your own specifications/branding;
  • Greater spending control;
  • We provide infrastructure to digitize multiple credit card companies and private label cards;
  • Biometric Secure Access;
  • Cost effective White label option available;
  • Supports a variety of ID&V methods *

ID&V – *Identification and Verification. Before tokens are associated with a device, the cardholder must go through an identity verification process.

White Label Digital Wallet – The future of your financial institution payment

During the global pandemic, consumers tried new forms of payments for the first time with many of them embracing digital wallets.  For many consumers, digital wallets have become a preferred method of payment and they will likely continue using them long after the pandemic has ended.  According to the Global Digital Payments Insights by Blackhawk Network*, 59% of Mexicans and 62% of Brazilians surveyed, used a digital wallet in 2020.

The 2021 Global Payments Report by Worldpay** surveyed consumers across 41 countries and found that in 2020, due to the pandemic, the lockdown accelerated the shift to digital payments.  Globally, the use of mobile wallets exceeded cash usage for in-store payments.  In Latin America, mobile wallets accounted for 6% of payment methods.  Forecasts for both in-store and eCommerce transactions indicate that digital wallets are likely to be the preferred method of payment.

Both the Blackhawk Network and Worldpay surveys seem to indicate that the pandemic has ushered in an age of cashless payments, the potential is great for retailers offering digital payment options as well as providers connected to the digital payment ecosystem.  So, the future of payments is definitely Digital Wallets!