3D Secure Versions Explained

3D Secure (3DS) is an important security protocol that requires customers to undergo an additional authentication step when making card payments online. The “3D” aspect refers to the involvement of three domains: the card issuer, the merchant, and the intermediary infrastructure that enables communication between the consumer and the merchant.

Given the rapid evolution of consumer behavior and the significant growth of digital payments via tablets, cell phones and the Internet of Things, there has also been a recent increase in fraud. In response to these trends, the European Payment Services Directive (PSD) has introduced an updated version called PSD2.

PSD2 provides for new transaction security measures, including strong customer authentication (SCA), risk-based authentication (RBA) and transaction risk analysis (TRA). These measures are designed to improve the safety and security of digital transactions in the evolving payment services landscape.

Find out more information about PSD2 in detailed guide “How to Be PSD2 Compliant?” and possibility of introducing a new update in “What to Expect from PSD3” article.

How Does 3D Secure Work To Enhance Online Payment Security?

The 3DS verification process is triggered when certain conditions are met during an online card payment attempt. These conditions include residing in a region where Strong Customer Authentication (SCA) is mandated or meeting specific criteria established in your payments or fraud prevention system.

For instance, you can configure 3DS to prompt the customer for authentication if the transaction amount surpasses $500 or if it’s flagged as high-risk. While your payments system might come with default 3DS rules, you have the flexibility to create custom rules according to your requirements.

Once a transaction necessitates 3DS, the customer will be prompted to undergo an additional authentication step. Typically, they will be redirected to their bank’s website or app authentication page, where they will be required to use a one-time password (OTP) or provide biometric information to approve the purchase. After successful authentication, they will be redirected back to your website to receive payment confirmation.

What Is 3D Secure 2.0?

The 3D-Secure protocol has undergone significant improvements in its second iteration, known as 3D-Secure 2.0. This updated version aims to provide “frictionless shopping,” combining the ease and speed of traditional transactions with the security of 3D-Secure. With the introduction of multi-factor authentication, consumers can now enjoy seamless and secure transactions, even for card-not-present scenarios. The best part is that merchants can rest assured, as they are not liable for any security/payment issues. Instead, it’s the acquiring bank that takes responsibility. This win-win situation leaves both customers and merchants happy with the straightforward and secure authentication process.

Difference Between 3D Secure 2.0 vs. 3D Secure 1.0

The 3DS 1.0 protocol had limitations for non-browser e-commerce transactions, causing frustrations for mobile and in-app payments. The 3DS 2.0 protocol, managed by EMVCo and major card networks, aims to improve the overall performance, offering a consistent user experience across e-commerce channels and devices. It brings benefits like reduced fraud liability, interchange fees, and improved authentication, leading to higher approval rates and smoother transactions.

PSD2 regulations considered customer experience, allowing merchants to maintain speed and user-friendliness. 3DS 2.0 enhances integration with merchants, reducing cart abandonment and improving security without compromising convenience.

3DS 2.0 marks a significant leap forward compared to 3DS1, which was known for its sluggishness, lack of user-friendliness, and occasional negative impact on customer trust.

The key advantages of 3D Secure 2.0 are as follows:

• Enhanced risk assessment – With 3DS2, a substantial amount of data is relayed to issuers, granting the system valuable contextual information about the customer and the transaction. This leads to more accurate risk assessments, resulting in optimized outcomes for both shoppers and merchants, and ultimately higher acceptance rates.
• Improved user experience – Thanks to improved risk assessments, customers deemed low risk can now proceed with their purchases seamlessly, without any disruptions (frictionless flow). On the other hand, higher-risk customers can be presented with a user-friendly authentication process, such as biometrics or a one-time password (challenge flow), which can be conveniently completed within the merchant’s website or app. This enhanced user experience boosts customer trust and confidence in the process.
• Fraud and chargeback reduction – The increased accuracy provided by 3DS2 translates to better fraud prevention and a higher acceptance rate for legitimate transactions. Additionally, 3DS2 safeguards merchants by shifting the liability for fraud-related chargebacks onto the card issuer.
• Lower cart abandonment – Integrating the 3DS experience seamlessly into the user’s shopping journey minimizes disruptions and reduces the likelihood of customers abandoning their purchases out of frustration.

What is 3D Secure 2.3?

EMV 3DS 2.3 version has been approved and released by EMVCo’s Board of Advisors.

This updated version brings various enhancements, offering increased flexibility for implementing EMV 3DS across multiple channels and devices. It empowers issuers to swiftly and accurately detect fraudulent transactions while providing consumers with a streamlined authentication process, ultimately enhancing the overall payment experience.

Advantages of 3D Secure 2.3

The primary focus of this new version is to substantially improve the customer’s payment experience by creating a much smoother authentication process.

Enhanced Smoothness in the SCA Process

With 3DS 2.3, merchants can now share an increased amount of data with issuer banks, encompassing transaction details, preferred payment methods, customer devices, tokens, and more. This surplus of data empowers issuers to conduct faster and simpler customer authentication. By having a comprehensive view of transaction risks, issuers can apply the appropriate level of authentication, resulting in reduced friction and higher approval rates for transactions. Moreover, for higher-risk transactions, such as those from new devices or involving substantial amounts, 3DS 2.3 streamlines the challenge process, allowing customers to confirm the transaction with minimal friction.

Enhanced Payment Experience for Customers

3DS 2.3 introduces a significantly improved user interface (UI) that fosters clear communication between merchants and issuers, guiding customers seamlessly through the authentication process. One of the notable features is the automated out-of-band (OOB) transitions. This allows customers to effortlessly confirm transactions requiring authentication in a separate channel.

Unlike older versions of 3DS, where this process involved numerous manual steps, such as sending push notifications to the customer’s mobile banking or e-wallet app for approval, 3DS 2.3 automates the transition between the merchant app and the banking app whenever OOB authentication is required. This streamlines the checkout experience, making it faster and simpler for the customer.

Moreover, 3DS 2.3 supports device binding, allowing consumers to specify their preference for being remembered on their devices. This feature leads to quicker authentication for future purchases, enhancing convenience for customers.

Effortless Integration of 3D Secure Across Devices and Channels

With 3DS 2.3, merchants can seamlessly deploy 3DS on numerous devices and channels, extending its usage even to IoT devices like smart speakers. This version also offers enhanced support for OS and platform partners. Moreover, 3D Secure 2.3 caters to various industry-specific requirements with its extensions, accommodating diverse use cases.

Enhanced Security and Fraud Prevention Measures

3DS 2.3 further fortifies the security features of its predecessors, offering robust protection to merchants against fraud-related chargebacks. It enables seamless compliance with the PSD2 and Strong Customer Authentication (SCA) regulations. 3DS 2.3 introduces support for a variety of authentication methods, empowering merchants to pre-screen customers and mitigate fraud risks effectively.

One such method is FIDO authentication, a globally-accepted approach that allows users to verify their identity using security keys or biometric scans (fingerprint, voice, iris) instead of passwords. Merchants can employ FIDO authentication across websites and apps. With 3DS 2.3, merchants can conveniently implement FIDO authentication once the cardholder and device are registered on their platform. This process can be seamlessly embedded during checkout or sign-up, ensuring quick and secure authentication for customers.

What Is 3D Secure 2.3.1? 

On September 29, 2022, EMVCo, the global technical body, unveiled an update to the EMV® 3-D Secure (3DS) Specifications aimed at empowering issuers and merchants to combat the escalating risks of card-not-present (CNP) fraud. EMV 3DS 2.3.1 builds upon previous versions of the specifications, introducing new data elements and flows that streamline consumer authentication and enhance card-not-present fraud prevention measures. Immediate in effect, EMV 3DS 2.3.1 replaces the earlier version, EMV 3DS 2.3.0, to ensure maximum efficiencies and a seamless payment experience.

EMV 3DS 2.3.1 introduces significant improvements, including:

• Support for Secure Payment Confirmation (SPC): New data elements allow issuers and merchants to better assess transaction legitimacy, reducing fraud risk.
• Out-of-Band (OOB) authentication support: New data elements facilitate a simpler way for consumers to confirm transactions through a separate channel.
• User Interface (UI) enhancements: Enriched user experience and additional features for improved server component functionality.
• Enhanced challenge process: New data elements and flows offer more options for additional authentication in higher risk transactions.

Additionally, EMVCo has developed an EMV 3DS Bridging Message Extension, enabling existing 2.1 and 2.2 products to utilize selected features from version 2.3.1.

Conclusion

Although 3D Secure protocols are vital for safeguarding both online sellers and buyers, navigating the intricacies of 3DS implementation can be daunting for businesses, potentially leading to lost sales and dissatisfied consumers if not executed properly.

To help merchants effectively implement 3DS and protect their customers, Solidgate’s payment processing platform offers a seamless integration of the latest security protocols and an additional layer of protection against fraudulent activities.

By choosing Solidgate, merchants can focus on their core business while leaving the complexities of secure online transactions in capable hands, ultimately paving the way for sustained growth and success in the fiercely competitive digital marketplace.

FAQ