Skip to main content
Card class: HeroCategory: Payment Gateway
When customers see the 3DS challenge and bail. High abandon = friction; consider smart routing.

At a glance

Percentage of customers who saw a 3DS 2.0 challenge screen and abandoned without completing it. The single highest-leverage UX-side conversion metric for any enterprise merchant operating in 3DS-mandated geographies (EU PSD2 / SCA, UK FCA, India RBI, parts of LATAM). High abandon means real revenue is being left on the table by the issuer’s challenge UX, not by the merchant. Cross-channel: this card combines CS 3DS authentication outcomes with commerce-platform checkout-funnel dropoff at the 3DS step.
The formulaCOUNT(threeDSecureStatus='ABANDONED') ÷ COUNT(threeDSecureStatus IN ('SUCCESSFUL','ABANDONED','FAILED')) × 100. Reads from /tss/v2/searches. Excludes FRICTIONLESS (the customer never saw a challenge) and NOT_REQUIRED (transaction wasn’t 3DS-eligible).
3DS 2.0 frictionless vs challenge3DS 2.0 has two paths: frictionless (issuer authenticates server-to-server, customer sees nothing, transaction proceeds) or challenge (customer must complete a step-up. OTP, biometric, password, to authenticate). Issuers decide per-transaction. Frictionless rate of 70-85% is healthy; lower means issuers are challenging too aggressively. See 3DS Frictionless Volume.
What “abandon” means specificallyThe customer reached the issuer-hosted challenge screen but didn’t submit (timeout, closed window, refused). The merchant’s storefront is technically waiting for the issuer’s callback that never comes. Distinct from FAILED (customer entered wrong OTP, refused biometric) where the issuer told the merchant “no”.
PSD2 / SCA mandate impactEU PSD2 SCA mandates 3DS for most ecommerce transactions; UK FCA inherited similar rules post-Brexit. Merchants in these geographies cannot opt out of the challenge for non-frictionless flows; reducing abandon is the only conversion lever. India RBI mandate is similar but with even higher abandon rates due to network reliability.
Common abandon causes(1) Mobile UX: issuer challenge pages designed for desktop, render poorly on mobile (40, 60% of abandons); (2) Timeout: 5-10 min issuer timeout while customer fetches OTP from SMS (15, 25%); (3) Wrong OTP attempt limit: customer enters wrong code, locked out, abandons (10, 15%); (4) Customer doesn’t recognise challenge: especially on first-time card, first-time issuer (10, 15%).
Currencyn/a (rate, currency-neutral).
Refunds / disputesExcluded. Abandons never authorise so there’s nothing to refund / dispute.
Failed / declined paymentsThe denominator includes attempted-3DS authentications. Customers who completed challenge successfully or failed it are in the denominator; customers who abandoned mid-challenge are in the numerator. Customers whose card-issuer doesn’t support 3DS at all (NOT_REQUIRED) are excluded entirely.
Time window30D.
Alert trigger> 25%. Above 25% indicates significant friction; PSD2-mandated geographies tend to run 18, 24% naturally, so 25%+ usually means an issuer-side challenge-UX problem affecting a specific BIN or country.
Sentiment keythreedsecure_abandon_rate
Rolesowner, operations, marketing

Calculation

Calculated automatically from your CyberSource data. See the At a glance summary above for what the metric tracks and the worked example below for a typical reading.

Worked example

A UK-based enterprise online fashion retailer running CyberSource for ecommerce. The 30-day window covers 14 Mar 26 to 12 Apr 26. Roughly 1.85M total transaction attempts across UK + EU + global; PSD2 / SCA applies to most EU transactions, UK FCA to UK transactions. The 3DS outcome mix from /tss/v2/searches:
OutcomeCountShare of totalNotes
FRICTIONLESS786,50042.5%Issuer authenticated server-to-server; customer saw nothing
NOT_REQUIRED612,40033.1%Card-issuer doesn’t support 3DS or transaction below SCA threshold
SUCCESSFUL (challenge passed)268,30014.5%Customer completed the challenge
ABANDONED122,4006.6%Customer saw challenge, bailed
FAILED60,4003.3%Customer entered wrong OTP / refused biometric
3DS Challenge Abandon Rate
  numerator   = 122,400 ABANDONED
  denominator = 268,300 + 122,400 + 60,400 = 451,100  (challenges shown)
  rate        = 122,400 ÷ 451,100 × 100
              = 27.13%
Five things worth noticing for a UK-based ecommerce VP of Conversion:
  1. 27.13% abandon rate is above the 25% alert threshold. Industry benchmarks for PSD2-mandated geographies put healthy abandon at 18-24%; UK retailers typically average 22%. At 27% the merchant is leaving meaningful conversion on the table, every 1pp reduction in abandon adds ~4,500 successful 3DS authentications per month, at typical fashion-retail AOV £68 that’s ~£306k of recoverable monthly revenue per percentage point.
  2. Mobile is overwhelmingly the abandon driver. Drilling by device, mobile abandon runs ~38%, desktop runs ~14%, mobile-app (in-app browser) runs ~22%. The merchant’s app is doing OK; the mobile-web flow is the problem. Common cause: the issuer’s challenge page renders poorly on mobile, customer loses patience, abandons. Smart routing for mobile-web (route to issuers with better mobile-challenge UX or push toward saved-token / Apple Pay / Google Pay flows where 3DS happens at provisioning time) usually drops mobile abandon to 22-28%.
  3. Frictionless rate at 42.5% of total attempts (or 63.6% of challenges + frictionless) is healthy but improvable. Industry leaders run 75-85% frictionless on PSD2 transactions because they: (a) submit rich device-fingerprint data with the auth request (more signal = more frictionless decisions); (b) use 3DS Server SDK that provides exemption hints for low-risk transactions (TRA, low-value); (c) maintain good merchant fraud-history with the issuer ecosystem.
  4. NOT_REQUIRED at 33.1% is too high for a UK merchant. Most UK + EU customers should be SCA-eligible. The merchant likely has cross-border international customers (US, AU, MX) where 3DS isn’t mandatory, these are NOT_REQUIRED but still authenticatable if the merchant chooses. For high-AOV transactions (>£250) even non-mandated geographies benefit from 3DS because the issuer-liability shift on 3DS-protected fraud disputes saves money on the chargeback side.
  5. Cross-channel impact is meaningful. Joining this card to the storefront’s checkout-funnel data: 122,400 abandoned 3DS challenges correlate with ~118,000 cart-abandonments at the payment-step. That’s a £8.0M revenue at risk per period (122,400 × £68 - 5,000 customers who would have abandoned for other reasons anyway = ~£8M). See 3DS Friction Revenue Loss for the formal cross-channel measurement.
If the merchant ships mobile-UX-targeted improvements (smart routing for mobile to better-challenge-UX issuers, pushing Apple Pay / Google Pay where 3DS happens at provisioning) and the abandon rate drops to 22%, that’s a 5pp improvement = ~22,500 more successful authentications monthly = ~£1.5M monthly revenue recovery. The composite Payment Health Score responds within one full sync cycle.

Sibling cards merchants should reference together

CardWhy pair it with 3DS Challenge Abandon Rate
3DS Frictionless VolumeThe other half of 3DS 2.0: when the issuer authenticates without showing a challenge. High frictionless = low abandon exposure.
3DS Success RateOverall 3DS success vs failure (excluding abandons).
3DS-Authenticated TransactionsThe volume side: how many transactions go through 3DS at all?
Decline RateAbandons inflate decline rate directly.
Authorisation Success RateInversely correlated with abandon.
3DS Failure AlertReal-time alert when 3DS success drops sharply.
3DS Friction Revenue LossCross-channel: dollar value of revenue lost to 3DS abandon.
Adobe Commerce / Shopify checkout-funnelThe storefront pulse; checkout-step abandon at payment step correlates with this card.

Reconciling against the vendor’s own dashboard

Where to look in CyberSource Business Center (EBC2): Why our number may legitimately differ from EBC2:
ReasonDirectionWhat to do
Reporting API extraction lag. Reporting v3 overnight batch on the 3DS report. EBC2 transaction search is real-time.Vortex IQ may lag EBC2 2-6 hours on most-recent day.Use the 30D window which averages out the lag.
Time zone. EBC2 uses merchant-account tz; we use UTC.Boundary-day drift.Negligible on 30D.
NOT_REQUIRED filtering. We exclude entirely; some EBC2 views surface NOT_REQUIRED in the abandon denominator.Tiny drift if EBC2 view includes them.Our exclusion is correct (NOT_REQUIRED never showed a challenge to abandon).
FAILED vs ABANDONED distinction. EBC2’s API surfaces FAILED and ABANDONED as separate enum values; some EBC2 UI views collapse them into “did not authenticate”.Tiny drift.We keep them distinct because they have different remediations.
Cross-connector reconciliation:
ComparisonExpected relationshipWhen divergence is legitimate
cs_3ds_abandon_rate ↔ commerce platform’s checkout-step-3 abandonStrong positive correlation. Customers abandoning 3DS often show as cart-abandons at the payment step.A divergence (CS abandon high but storefront cart-abandon low) usually means the issuer’s callback timeout is masking the abandon as a “delayed success”.
cs_3ds_abandon_ratecs_3ds_friction_lossThis card’s count drives the dollar value in friction_loss.n/a (causal relationship).
cs_3ds_abandon_rate ↔ Stripe equivalentStripe doesn’t expose a directly comparable card; its 3DS data lives inside the payment_intents object. Multi-acquirer enterprises should track this CS card as the canonical 3DS-friction view.n/a (no direct peer).

Known limitations / merchant FAQs

Why is my abandon rate so much higher on mobile vs desktop? Issuer-side challenge UX. Most issuers designed their 3DS challenge pages for desktop browsers; mobile rendering is often poor (overflow, tiny tap targets, slow OTP-fetch flow because the customer has to switch apps). Industry data: mobile abandon runs 2-3x desktop abandon. The fix is partly merchant-side (smart routing to issuers with better mobile UX, pushing toward Apple Pay / Google Pay where 3DS happens at provisioning time) and partly issuer-side (slowly improving as issuers update their hosted challenge pages). Can I exempt low-value transactions from 3DS to reduce abandon? Yes, in PSD2 / SCA jurisdictions. The TRA (Transaction Risk Analysis) exemption allows issuers to skip 3DS for low-risk transactions when the merchant submits qualifying device-fingerprint and transaction-history data. The Low-Value Exemption (under €30) lets merchants skip 3DS for small purchases. Both require that merchant total fraud rate stays below regulatory thresholds; CyberSource 3DS Server can request these exemptions automatically in the auth flow. My abandon rate is 22% but I’m losing more than that to checkout drop. Why? Two reasons. First, 3DS abandon is just one cause of payment-step drop; others include declined cards, customer changing mind, cart-saving for later. Second, customers who see a 3DS challenge sometimes “abandon” the merchant’s cart entirely (close the tab) rather than just abandoning the challenge, these may not register as abandons in this card if the issuer’s callback is still pending. Use 3DS Friction Revenue Loss for the cross-channel measurement. 3DS 2.0 was supposed to be lower-friction than 3DS 1.0. Why is abandon still high? 3DS 2.0 IS lower-friction on average, frictionless rates of 70-85% mean most transactions never see a challenge. But for the slice that DOES get challenged, the UX is similar to 3DS 1.0 (still an issuer-hosted page, still OTP-or-similar). The improvement is in WHO gets challenged, not how the challenge works. The remaining lever is reducing the challenge-rate further (more frictionless via richer device data, more exemptions via TRA / low-value). What’s a “good” abandon rate? Industry benchmarks: PSD2-mandated geographies 18-24%; UK FCA-mandated 20-26%; non-mandated geographies (US, AU, CA optionally) 25-35% because customers see 3DS less often and recognise it less when it does appear. Below 18% in any geography is excellent and usually requires merchant-side investment in saved-payment-method flows (Apple Pay, Google Pay, network tokens). Smart routing reduces abandon, what does that mean? “Smart routing” or “issuer-aware routing” means the merchant’s gateway / orchestration layer decides how to authenticate based on the issuer’s known UX quality. For issuers with poor mobile-challenge UX, the gateway might: (a) route the transaction through a different acquirer that supports issuer-level exemption requests; (b) push the customer to a saved-token flow (Apple Pay / Google Pay) that pre-authenticates; (c) request a TRA exemption upfront. CyberSource 3DS Server supports configurable smart-routing rules. Are abandons disputable? No. An abandoned 3DS challenge never authorises, so there’s no transaction to dispute. The customer’s card was never charged. That said, abandoned 3DS does show up as cart-abandonment in the storefront’s analytics, which feeds re-engagement campaigns (“you left these items behind”). Does abandon rate count against my Visa VDMP fraud rate? No, abandon doesn’t count as fraud. Only authorised-then-disputed transactions count toward VDMP. However, abandons that customer immediately retries on a different card / device and that retry succeeds DO count for whatever happens to that retry transaction. My multi-currency global merchant, does this card work? Yes, count-based ratios are currency-neutral. The geography breakdown in the drilldown shows abandon rate per country; PSD2-mandated EU geographies will read higher than non-mandated US / AU because customers see 3DS more often.

Tracked live in Vortex IQ Nerve Centre

3DS Challenge Abandon Rate is one of hundreds of KPI pulses Vortex IQ tracks across CyberSource and 70+ other ecommerce connectors. Nerve Centre runs the detection layer; Vortex Mind investigates the cause when something moves; Ask Viq lets you interrogate any number in plain English. Start for free or book a demo to see this metric running on your own data.