3D secure is a method of payment authentication online for CNP transactions.
The 2nd version of the protocol is designed to make the customer journey as frictionless as possible whilst reducing chargebacks and fraud for merchants, by instead, shifting liability in the majority of cases to the issuing bank.
With strong customer authentication compliance finally being enforced under the new payments standard directive (PSD2) in the UK by September 14th 2021 after many delays - with some acquirers already fining non-card issuers, payments firms and online retailers - let's dive into why 3D secure is the best approach to becoming SCA compliant.
What Is SCA?
SCA or strong customer authentication is one of the latest regulatory updates under the PSD2 directive. Used a method of verifying a customer's identity within the payment process, this new compliance measure must be met by all merchants as part of a measure to reduce fraud.
A compliant merchant will ensure that any customer using their checkout flow is who they say they are, or has authorised a third party to use their details by following the implemented authentication measures.
Who Does It Apply To?
This measure is applicable to nearly every business within the e-commerce vertical, and the majority of e-commerce retailers can work with their PSP to ensure that their business is compliant and protected against illegitimate customers by the required deadline.
If 3D Secure 2.0 Exists, Then What Is 3D Secure 1.0?
The old version of this new solution - aka 3D Secure 1.0, included redirecting customers off-site to authenticate high-risk purchases where necessary.
Whilst a liability shift to the card issuer still occurred within 3D Secure 2.0's predecessor, the amount of friction that occurred within version 1, especially on an omnichannel level such as across mobile devices, had a great potential to interrupt and even end the customer payment flow.
With this process a deterrent to even the most legitimate customers, 3D Secure 2.0 is poised to be both a solution and a compliant measure to current payment regulatory standards.
Where 3D Secure 2.0 Differs:
3D secure 2.0 streamlines the payment process by initiating the multiple factor authentication path in three seamlessly different ways - each tailorable to the consumer journey.
The transaction is deemed low-risk enough to be authenticated quietly in the background of the payment process, without the customer having to do anything.
The customer is asked to switch to their issuing bank’s app and verify their purchase biometrically. This often appears as an overlay option on iOS or Android devices without any redirects.
The customer's transaction needs to be authenticated with a one-time passcode that is sent to the customer via SMS or email. This passcode is then input into the checkout flow in order to complete the purchase.
With more authentication options, the customer can actively choose the most seamless path to purchase. With the flexibility of choice in authenticating their purchases, the data sharing functionality used to facilitate 3D Secure 2.0 opens up the future potential for enabling seamless shopping experiences that are also risk-assured.
As within 3D Secure 2.0, data is shared quickly and silently between the merchant and the bank in the background of every payment flow, increasing a merchant's authorisation rate whilst allowing the customer to checkout with no noticeable change.
Benefits Of 3D Secure 2.0:
• 3D Secure 2.0 supports a fraud liability shift towards the issuing bank.
• 3D Secure 2.0 seamlessly supports purchases by natively authenticating transactions made in-app and in some mobile browsers.
• Biometric and token-based authentication methods are supported, enabling a seamless checkout experience when using payment methods like Apple Pay and Google Pay.
• With a smarter approval process, soft declines can be recognised in 3D Secure 2.0, where they weren't previously in version 1.
• Merchants can authenticate initial payments for recurrence-based billing with 3D Secure 2.0.
• Recognise when a payment is deemed low-risk enough to skip further authentication processes (passive authentication).
• Dependent on the level of integration, 3D Secure 2.0 can be branded to match a merchant's brand identity.
Things To Consider:
Despite the mandate for compliance within the European Economic area, the uptake of 3D secure 2.0 is yet to be implemented on a mass scale. Your payments provider should ensure that 3D Secure 2.0 is dynamically integrated to avoid potential clashes with other fraud tools in place - used to reduce the CNP fraud rate of transactions in other countries (currently only Brazil and Australia also encourage the adoption of 3D secure 2.0 outside of the PSD2 EEA mandate).
Preventing Legitimate Declines:
3D Secure 2.0 transactions can only be processed using the protocol that supports both the card issuer and your payment solution. To ensure that a legitimate purchase is not declined, 3D secure 1.0 will prevail where version 2 is not supported in both instances.
3D secure is in continuous development to deliver both customers and merchants alike, the best e-commerce experience. Maintaining conversions and authorisations is a priority amongst this risk assured protocol, discover more about 3D secure 2.0 in our documentation library or contact us to learn more today!