
Your starter guide to Strong Customer Authentication with 3DS2

Businesses in the UK are nearing the deadline to adopt Strong Customer Authentication (SCA): 15 October 2022. In line with the Payment Services Directive (PSD2) and enforced by the Financial Conduct Authority, SCA provides users with more security and reduces fraud when they make payments online.

We’ve covered the basics of Strong Customer Authentication (SCA) in a previous article.

As we dive into the changes that 3DS2 brings, we’ll now help you get up to speed on its implementation in this short guide.

The difference between 3DS and 3DS2

Customers in Europe are experiencing significant friction at checkout due to SCA requirements. The reason for this is 3D Secure, or 3DS, the protocol to implement SCA, which uses three domains to authenticate consumers and sign transactions during card-not-present (CNP) transactions.

3DS poses some challenges: it is ridiculously difficult for consumers to use, with some unable to view the 3DS authentication page on their devices. Additionally, there are compatibility issues when the authentication process occurs on mobile devices, as well as really slow loading speeds on the authorisation page. Moreover, the authorisation popup window is not always identified as authentic, resulting in suspicion and transaction abandonment by the customers.

As a result, the financial industry introduced 3DS2, an upgraded version of 3DS, which offers a more frictionless experience for customers, thus reducing cart abandonment. For any transaction to be completed, customers only need to provide 2 out of 3 pieces of personal information, as well as confirm their identity via a short code sent by their bank via SMS.

3DS2 – a better fraud-prevention tool

Payment processors can be of great help in unifying your approach and streamlining check-out experiences. A payment processor like TRU Connect is your most direct route to secure online digital payment acceptance through any device or channel.

The payment methods you can accept using TRU Connect are:

At the time of checkout, cardholders will enter their credit card information.

At this point, the merchant’s 3D Secure 2 provider sends a rich authentication request to the issuer. Depending on regional or market law restrictions, the data may include device ID, MAC address, geolocation, and previous transactions.

After that, the 3DS2 service provider assesses the risk. Transactions that are determined to be high-risk are challenged: the cardholder is asked to verify their identity using biometrics and two-factor authentication.

The cardholder does not need to take any further action if the transaction is deemed low-risk.

Types of payments excepted from 3DS2

There are some situations where 3DS2 won’t apply: transactions where the merchant or payer is outside of the EEA, merchant-initiated payments, for example, subscriptions and telephone payments.

3DS2 is also not required for some types of payments, including:

Recurring payments. It is necessary to create and amend recurring payments with SCA, but future payments are exempt so long as the value of the payment and the individual being paid remain the same.

Secure corporate payments. SCA does not apply to these payments since they are made through dedicated corporate processes and protocols. Their transactions are monitored, fraud is prevented, and security is encrypted under strict regulatory requirements.

Low-value transactions. Transactions under £30 that are made remotely are also exempt from SCA.

Low-risk transactions, when the Payment Service Provider (PSP) has low fraud levels across its entire platform.

Whitelisted beneficiaries. It is possible for customers to create a whitelist of trusted beneficiaries to whom payments can be made without requiring SCA. Whenever a trusted beneficiary is created or amended, SCA must be applied.
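
The checkout flow and exemption list above can be read as one decision routine. The sketch below is an added example, not Trust Payments or TRU Connect code: every field name is hypothetical, the order in which the rules are checked is an assumption, and it encodes only the conditions stated in this guide.

```python
from dataclasses import dataclass
from decimal import Decimal

LOW_VALUE_LIMIT_GBP = Decimal("30")  # "Transactions under £30" in the list above

@dataclass
class Payment:  # all field names are hypothetical, chosen for this example
    amount_gbp: Decimal
    merchant_in_eea: bool = True
    payer_in_eea: bool = True
    merchant_initiated: bool = False            # e.g. a subscription charge
    telephone: bool = False
    recurring: bool = False
    recurring_created_or_amended: bool = False  # includes a changed amount or payee
    secure_corporate: bool = False
    psp_low_fraud: bool = False                 # PSP-wide fraud level is low
    payee_whitelisted: bool = False
    whitelist_created_or_amended: bool = False
    assessed_high_risk: bool = False            # outcome of the 3DS2 risk assessment

def sca_decision(p: Payment) -> tuple[str, str]:
    """Return (outcome, reason). Outcome is 'out_of_scope', 'exempt',
    'frictionless' or 'challenge'."""
    # 1. Situations where 3DS2 does not apply at all.
    if not (p.merchant_in_eea and p.payer_in_eea):
        return "out_of_scope", "merchant or payer outside the EEA"
    if p.merchant_initiated or p.telephone:
        return "out_of_scope", "merchant-initiated or telephone payment"
    # 2. Creating or amending a recurring payment or a trusted beneficiary
    #    needs SCA, so test this before any exemption can short-circuit it.
    if p.recurring_created_or_amended:
        return "challenge", "recurring payment created or amended"
    if p.whitelist_created_or_amended:
        return "challenge", "trusted beneficiary created or amended"
    # 3. Exemptions, as listed in this guide.
    if p.recurring:
        return "exempt", "recurring payment, same value and payee"
    if p.secure_corporate:
        return "exempt", "secure corporate payment"
    if p.amount_gbp < LOW_VALUE_LIMIT_GBP:   # strictly under the limit
        return "exempt", "low-value remote transaction"
    if p.psp_low_fraud and not p.assessed_high_risk:
        return "exempt", "low-risk transaction at a low-fraud PSP"
    if p.payee_whitelisted:
        return "exempt", "trusted beneficiary"
    # 4. No exemption: the risk assessment decides.
    if p.assessed_high_risk:
        return "challenge", "assessed as high-risk"
    return "frictionless", "assessed as low-risk"
```

Checking the create-or-amend conditions before the exemptions keeps a low-value or whitelisted payment from skipping authentication at the moment the mandate or beneficiary is being set up.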

How to get started with 3DS2 

Merchants who want to enable 3D Secure 2 can get assistance from payment service providers. Using our payment gateway, TRU Connect, Trust Payments can support your specific requirements to support 3D Secure 2.

Our easy-to-use, fast-to-process payment gateway works on any device and is the next generation of online payments.

For more information on 3D Secure 2 authentication and enablement, please reach out to our team here.

Security statement

Security is our top priority at Trust Payments and we strive to ensure that all data is kept secure at all times. We keep all customer data safe with AES-256 encryption, SSL certificates, and a minimum of TLS 1.2 between your website and our datacentres.

Our systems are scanned quarterly using the Qualys PCI Platform, an independent Qualified Security Assessor (QSA) and approved vendors – Omnicybersecurity (UK) & Forgenix (US) – to ensure compliance with the security requirements of the card schemes.

We follow a number of rigorous security procedures on a daily basis including, but not limited to, continuous monitoring of our perimeter, dark web monitoring, and internal checks to ensure that the CIA triad is maintained at all times.
