Upgrading to 3D Secure 2.0

3 Ways to seamlessly authenticate payments

Written by Rebekah Moss 10 Sep 2020 - 4 Minutes reading time

What is 3D Secure 2.0

Considered the most convenient way of complying with PSD2’s latest SCA regulatory standards, little is known about 3D Secure 2.0; especially in comparison to its predecessor 3D Secure 1.0.

Why is it better than 3D Secure 1?

3D Secure 1.0 was initially launched under the umbrella of the world’s 5 leading card schemes in 1999. At this time, the internet was undoubtedly just building its footing and e-commerce was definitely not king - mobile commerce was non-existent.

With the rapid evolution of consumer shopping habits and e-commerce; which then divided into its own sub-sectors, the necessity of increased security that was suited to the demands of fast customer checkout flows had to be met.

Otherwise known as EMV 3DS 2.0, 3D Secure 2.0 was introduced as an evolved version of the 3DS1 protocol; designed to make risk-based decisions quietly during the checkout flow through the requirement of an authentication process between the customer and issuing bank.

How it Works

If a transaction is determined to be high-risk - aka due to its purchase value or item description, the transaction is challenged with an authentication process.

Passive Authentication

The transaction is challenged and authenticated in the background and the customer does not need to input any information.

Two-Factor Authentication

The transaction is challenged and the customer is sent a one-time passcode via SMS or email to input within the checkout flow to authenticate their purchase.

Biometric

The customer must switch to their issuing bank’s app to verify their purchase with a biometric mode of authentication such as face or touch ID. This may appear as a native overlay option on iOS or Android devices.

The benefits of 3DS2

  • Unlike its predecessor, 3D secure 2.0 navigates some of its associated conflicts by streamlining the customer journey. Through these aforementioned authentication processes, authentication can now take place - at times - silently with the requirement of static passwords removed; and even the lowest risk transaction can be authenticated with ease, in line with customer preferences surrounding security.

  • 3D Secure 2.0 elevates the convenience of and encourages the use of mobile checkout flows. Considering the reduced surface area of mobile that a merchant has to contend with to facilitate a customer journey, an integrable fraud mitigation tool that works in league with m-commerce should be considered a plus.

  • Supports purchases natively via mobile browsers and in-app.

  • Enable issuing banks to perform risk-based decisions and therefore shift chargeback liability from you the merchant, to them, the bank.

  • With a variety of authentication flows available, merchants can ensure 3DS2 matches the look and feel of their storefront.

  • Biometric authentication can occur within in-app purchases without needing to redirect the customer outside of the app.

  • With the ability to authenticate payments in several different ways - including passively in the background and thereby frictionlessly - 3D secure 2 is considered an elevation of 3D Secure version 1; promising an increase in security for customers and authorisation rates for merchants.

Why Might It Fail?

3D Secure 2.0, whilst described as a very frictionless process, is not right for every merchant.

Whilst PSD2 SCA requires a level of authentication such as that of 3D Secure 2.0’s protocol within the EEA, merchants looking to take payments might find that risk-based assessments at the checkout are unnecessary; depending on how their global shopper prefers to pay.

Whilst it’d be obvious to point out that certain alternative payment methods such as invoices and prepaid cards might negate the requirement of 3D Secure 2.0, the bigger point of friction lays in the variation of fraud rates across the globe.

Across the world, different issuing banks have had varying approaches to tackling fraud in e-commerce due to the individual fraud rates of their territories.

Additionally, depending on the size of various e-commerce markets, issuing banks may have implemented other authentication methods or fraud checks that can create friction and possible faults within 3DS2’s protocol.

Rarely, in the case where a customer’s card is not registered for either 3D secure’s authentication protocol under any of the 5 major card schemes or EMVCo’s 3D Secure 2.0 protocol (as managed by these same schemes), then a transaction will also fail to authenticate.

This is likely to be more common in foreign territories when other card schemes are more popular and e-wallets prevail over credit card use.

Finally, whilst implementing 3D secure 2.0 into your checkout protocol is recommended as a risk and compliance measure, there are sporadic periods when your payment gateway may remove its availability.

Businesses should refer to their payments provider for other SCA compliant modes of authentication in these times.

Whilst PSD2 SCA’s local and broader deadlines have changed several times, the consensus is that the major implementation of 3D secure 2.0 is expected by December 31st, 2020 across most territories.

If you’re looking to increase your authorisation rates, do not hesitate to get in touch with Total Processing today!

Source 1

Source 2

Source 3

Contact

Send us a message

Join Our Newsletter

Subscribe to our newsletter to stay informed. Our team of experts are at the forefront of the payment processing industry and we regularly post articles about emerging technologies and trends.