Upgrading to 3D Secure 2.0

As online payments develop, so do the security protocols needed to keep merchants and consumers protected. That’s why it was crucial that 3D Secure 1.0, which was introduced back in 1999, was updated to keep up with the latest technologies and fraudulent risks.

Read on to find out how 3D Secure version 2 is better than its predecessor.

What is 3D Secure 2.0?

3D Secure 2.0 has been introduced to comply with Payment Services Directive Two’s (PSD2) latest Strong Customer Authorisation (SCA) regulatory standards.

Why is it better than 3D Secure 1?

3D Secure 1.0 was initially launched under the umbrella of the world’s five leading card schemes. At this time, the internet was undoubtedly just building its footing and e-commerce was definitely not king – mobile commerce was non-existent.

With the rapid evolution of consumer shopping habits and e-commerce, the necessity of increased security to suit the demands of fast customer checkout flows had to be met.

Otherwise known as EMV 3DS 2.0, 3D Secure 2.0 was introduced as an evolved version of the 3DS1 protocol, designed to make risk-based decisions quietly during the checkout flow through the requirement of an authentication process between the customer and issuing bank.

How it Works

If a transaction is determined to be high-risk, the transaction is challenged with an authentication process. The risk factor can be caused by a number of reasons: transaction value, item description and location of the transaction just to name a few.

But there are also a few different types of authentication:

Passive authentication

The transaction is challenged and authenticated in the background and the customer does not need to input any information.

Two-factor authentication

The transaction is challenged and the customer is sent a one-time passcode via SMS or email to input within the checkout flow to authenticate their purchase.

Biometric

The customer must switch to their issuing bank’s app to verify their purchase with a biometric mode of authentication, such as face or touch ID. This may appear as a native overlay option on iOS or Android devices.

The benefits of 3DS2

With the ability to authenticate payments in several different ways – including passively in the background and thereby frictionlessly – 3D secure 2 is considered an elevation of 3D Secure version 1, promising an increase in security for customers and authorisation rates for merchants. But let’s take a look at the benefits more closely:

• More streamlined - Unlike its predecessor, 3D secure 2.0 navigates some of its associated conflicts by streamlining the customer journey. Through these aforementioned authentication processes, verification can now take place – at times – silently with static passwords removed; and even the lowest-risk transactions can be authenticated with ease, in line with customer preferences surrounding security.
• Increased convenience - 3D Secure 2.0 elevates the convenience of and encourages the use of mobile checkout flows. Considering the reduced surface area of mobile that a merchant has to contend with to facilitate a customer journey, an integrable fraud mitigation tool that works in league with m-commerce should be considered a plus.
• Supports local payments - Purchases can be made natively via mobile browsers and in-app.
• Added merchant protection - Enable issuing banks to perform risk-based decisions and, therefore, shift chargeback liability from you the merchant, to them, the bank.
• Customisable authentication - With a variety of authentication flows available, merchants can ensure 3DS2 matches the look and feel of their storefront.
• Improved customer experience - Biometric authentication can occur within in-app purchases without needing to redirect the customer outside of the app, reducing the amount of friction at the checkout.

Why might it fail?

3D Secure 2.0, whilst described as a very frictionless process, is not right for every merchant.

Although PSD2 SCA requires a level of authentication, such as that of 3D Secure 2.0’s protocol within the EEA, merchants looking to take payments might find that risk-based assessments at the checkout are unnecessary, depending on how their global shopper prefers to pay.

Whilst it’d be obvious to point out that certain alternative payment methods, such as invoices and prepaid cards, might negate the requirement of 3D Secure 2.0, the bigger point of friction lies in the variation of fraud rates in different countries. Across the world, different issuing banks have had varying approaches to tackling fraud in e-commerce due to the individual fraud rates of their territories.

Additionally, depending on the size of various e-commerce markets, issuing banks may have implemented other authentication methods or fraud checks that can create friction and possible faults within 3DS2’s protocol.

Rarely, in the case where a customer’s card is not registered for either 3D Secure’s protocols, version one and two, then a transaction will also fail to authenticate. This is likely to be more common in foreign territories when other card schemes are more popular and e-wallets prevail over credit card use.

Finally, whilst implementing 3D secure 2.0 into your checkout protocol is recommended as a risk and compliance measure, there are sporadic periods when your payment gateway may remove its availability. Businesses should refer to their payments provider for other SCA-compliant modes of authentication at these times.

Whilst PSD2 SCA’s local and broader deadlines have changed several times, the consensus is that the major implementation of 3D secure 2.0 is expected by December 31st, 2020 across most territories.

If you’re looking to increase your authorisation rates, do not hesitate to get in touch with Total Processing today