If your business operates in Europe and accepts online card payments, implementing 3-D Secure 2 (3DS2) is an essential update to your payment systems, replacing 3DS1, which was introduced in 1999. 3DS2 is an online payment authentication protocol required by all the card schemes (Visa, Mastercard, Amex, Discover/Diners) for online transactions. Your business needs to be up and running on 3DS2 to comply with EU laws and avoid card declines.
Providing a frictionless payment process offers a tangible advantage that will help your customers make purchases quickly and effortlessly. According to Visa, 3DS2 will see around 95% of transactions go through automatically, drastically reducing the additional verification steps that were typical before this technology was introduced.
3DS and 3DS2 – the basics
Established by Visa and Mastercard, 3D Secure (or 3DS) allowed communication between digital merchants, payment networks and financial institutions to analyse and share transactional data. It helped merchants to securely process payments while protecting the card issuer from fraudulent transactions. Created over 15 years ago, it was primarily designed for desktop browser authentication.
As payment processes evolved over the last decade, card issuers experienced an increase in fraudulent transactions alongside a shift towards mobile and invisible commerce. This prompted the need for an authentication protocol that works across a larger number of devices and platforms, including integration with mobile numbers for two-factor authentication, where a secure passcode is used for verification.
As a result, since December 2020, in line with the new Payment Services Directive (PSD2) issued by the European Commission, all businesses accepting online payments need to upgrade their authentication to 3-D Secure 2 (or 3DS2). 3DS2 enables a real-time, secure information-sharing process: merchants send specific transactional attributes, and the issuer uses them to authenticate customers more accurately without asking for a static password or slowing down payments.
Benefits of 3DS2
3DS2 is designed to enable a better customer experience with minimal impact on conversions.
Here are some critical advantages of 3DS2 over its predecessor:
● Easily facilitates mobile transactions, providing customers with a quick frictionless experience. 3DS1 required further account credential information to be entered during checkout, often on another page, which led to high cart abandonment. With 3DS2, transactions are supported on mobile devices or IoT applications, often using biometric authentication and speeding up payments.
● Helps quickly collect data to identify risks and protect against fraud. When a 3DS2 transaction is initiated, specific data points are collected, sent to a 3DS Server, and routed to the card issuer's Access Control Server (ACS) for approval. Card issuers analyse more than 150 data fields, such as browser IP address, browser language, delivery timeframe, shipping indicator and merchant category code, and respond with a frictionless approval, device fingerprint, challenge, or fallback.
● Reduced risks caused by unauthenticated payments. 3DS1 provided banks with limited information about the transaction, so numerous legitimate transactions were declined. 3DS2 allows consumers to authenticate directly with banks, shifting the fraud screening responsibility from merchants to the banks while avoiding chargeback issues. As 3DS2 provides a lot of transactional data, banks can confidently and quickly approve transactions.
● Secure authentication on mobile and desktop checkout pages. 3DS2 is compliant with the European payments directive that requires Strong Customer Authentication (SCA) on transactions originating in the EEA. This is a modern way to provide customers with a frictionless payments experience across all technological devices.
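The issuer response described above has to be handled carefully on the merchant side. The following is an added example, not code from this article or from any gateway: it maps an ACS response to the next checkout step and fails closed when the response is not bound to the request or lacks proof of authentication. Field names and status codes follow the EMV 3-D Secure AReq/ARes messages; the "fallback" policy, the browser-channel assumption and all sample values are assumptions made for illustration.

```python
# Added example. Field names and transStatus codes follow the EMV 3-D Secure
# AReq/ARes messages; every value below is constructed for illustration.
AREQ = {
    "messageType": "AReq",
    "threeDSServerTransID": "11111111-2222-4333-8444-555555555555",
    "browserIP": "203.0.113.7",       # documentation-range address
    "browserLanguage": "en-GB",
    "mcc": "5411",                    # merchant category code
}


def next_step(areq: dict, ares: dict) -> str:
    """Map the issuer ACS response (ARes) to the merchant's next action."""
    # Bind the response to the request that was sent: a different transaction
    # ID means the response belongs to another checkout and must not be used.
    if ares.get("threeDSServerTransID") != areq.get("threeDSServerTransID"):
        return "reject:transaction-id-mismatch"

    status = ares.get("transStatus")
    if status in ("Y", "A"):          # authenticated / attempt processed
        # Frictionless approval is only usable with the issuer's cryptographic
        # authentication value, which is carried into the authorization.
        if not ares.get("authenticationValue"):
            return "reject:missing-authentication-proof"
        return "authorize"
    if status == "C":                 # challenge required
        # Browser channel assumed: the challenge needs the ACS URL.
        if not ares.get("acsURL"):
            return "reject:challenge-without-acs-url"
        return "challenge"
    if status in ("N", "R"):          # not authenticated / issuer rejected
        return "decline"
    # "U" (authentication could not be performed) or an unknown code:
    # never treat it as success; hand over to the fallback path.
    return "fallback"


def sample_ares(**fields) -> dict:
    """Build a constructed ARes that answers AREQ."""
    return {"messageType": "ARes",
            "threeDSServerTransID": AREQ["threeDSServerTransID"], **fields}


if __name__ == "__main__":
    for ares in (sample_ares(transStatus="Y", authenticationValue="Q09OU1RSVUNURUQ="),
                 sample_ares(transStatus="C", acsURL="https://acs.example/challenge"),
                 sample_ares(transStatus="U")):
        print(ares["transStatus"], "->", next_step(AREQ, ares))
```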
How 3DS2 supports SCA
SCA processes rely on robust mechanisms that banks use to understand if the customer is making a genuine transaction. Banks use information from various categories to complete their know your customer (KYC) checks for transaction approval:
● Biometrics using fingerprints, facial or voice recognition
● Identity confirmation using a PIN, a personal data point (your first school or mother’s maiden name) or a passphrase
● Confirmation of payment using the customer’s device such as mobile phone, wearable device, token or smart card
● No need for customers to self-enrol – 3DS2 disables the enrolment procedure where a window would pop up redirecting the customer from the checkout page to the bank’s website.
The best way to implement 3DS2 for your payment authentication process is by using a payment gateway solution like Tru Security. This is an out-of-the-box solution that is SCA (Strong Customer Authentication) ready. Using Artificial Intelligence (AI) for AML, fraud detection and enhanced 3D Secure 2 as standard, Tru Security will detect fraud and cyber threats through continuous behavioural authentication.