3-D Secure 2.0 has bridged the gap between secure payments and excellent customer service. Learn how this updated protocol enables frictionless payments while increasing speed and security for digital transactions in browsers, mobile apps, and connected devices.
Digital commerce appears to be accelerating at an unbelievable rate. As the Internet of Things (IoT) expands, payment options are rapidly growing. According to IoT Analytics, there will be 14 billion connected devices in 2022, with a projected increase to 27.1 billion by 2025.
Consumers are making more card-not-present (CNP) payments than ever before, making it more difficult to verify the consumer’s identity and the transaction’s validity. This is especially true in the post-EMV era, where the widespread elimination of POS fraud has pushed criminals to the CNP channel. Add to that, the issue of false positives—where more than half of all declined transactions are legitimate, and merchants stand to lose a lot of money, is also rising.
It goes to show that new methods of preventing fraud are more important than ever. The key is to identify effective fraud prevention mechanisms that do not disrupt the customer experience. Consumers should be able to make online payments quickly, easily, and securely. This is where 3-D Secure 2.0 enters the picture.
For years, the first 3-D Secure (Three Domain Secure) authentication has been used as an extra security layer for card-not-present (CNP) transactions. It serves as a messaging mechanism between the three domains involved in these transactions: financial institutions, online merchants, and payment processing technology/networks. Originally intended to increase consumer trust in online transactions, the first version introduced unnecessary friction and false positives, resulting in increased purchase abandonment.
Every merchant’s holy grail is to facilitate as many legitimate transactions as possible while preventing fraud. The shortcomings of the original protocol have been addressed in the release of the newer version, which enables a secure, real-time information-sharing mechanism. The 2.0 version allows merchants to share a large number of transaction attributes with issuers in order to more efficiently and effectively authenticate customers.
Version 1 is still available to merchants as an option. However, merchants should upgrade to the newer version, which supports token-based and biometric authentication over static passwords. This newer version, also known as EMV® 3DS or 3DS2, allows for the transmission of rich data in transactions, allowing for risk-based decisions on whether or not to authenticate a transaction. 3-D Secure 2.0 will use token-based and biometric authentication, removing the need for initial enrollment and eliminating the need for customers to remember static passwords.
By allowing for additional data during transactions, risk-based decisions on whether or not to authenticate will be possible. As a result, the customer experience should be improved and simplified, resulting in fewer abandoned transactions and a more frictionless experience for consumers.
The new version also allows for “frictionless flow,” which is made possible by the replacement of the Merchant Server Plug-in (MPI) with the 3DS Server, which is part of the “3DS Requestor Environment” (aka the collective components in the merchant’s domain). In essence, the issuer can approve a transaction using risk-based authentication on the Access Control Server (ACS) rather than cardholder interaction.
This risk-based authentication also gives the merchant more control over the transaction’s outcome. The 2.0 protocol enables merchants to share a large amount of rich information (device ID, historical payments, location, registered users, and so on) with the issuer, which also has a large amount of data and can vouch for its cardholders.
Finally, in the event of a dispute or chargeback, 3-D Secure 2.0 shifts liability from the merchant to the issuer. The merchant is not liable for disputes or chargebacks as long as a transaction is authenticated (or attempted authentication occurs).
The protocol has evolved to accommodate consumer preferences and merchant requirements, resulting in increased security and a better customer experience. The following are some of the ways the new version improves the overall experience:
Authentication on the newer 3DS is done using more secure methods than a static password, such as biometric authentication via face or voice recognition. There are several advantages here. For starters, it relieves the customer of the burden of remembering a static password. It also removes easy-to-guess passwords from the equation, removing the possibility of fraudsters stealing them. Perhaps most importantly, it removes some of the friction from the customer experience, resulting in fewer purchase abandonments from frustrated customers who have been asked to jump through one too many hoops.
The new protocol eliminates the need for customers to remember static passwords as well as the initial enrollment process during shopping. Fewer interruptions mean fewer opportunities for a customer to abandon the purchase. Furthermore, merchants now have a greater ability to provide a consistent look and feel to the user interface across devices, eliminating the vexing pop-up box of the past. The newer version is unquestionably more customer-focused.
The new version also includes a framework for cross-device authentication. This means that the 3-D Secure protocol can be used with browsers, applications, mobile devices, and other connected devices.
This also broadens the protocol’s authentication capabilities beyond card-based payments. That means 3-D Secure 2.0 can support mobile payments, digital wallet payments, and in-app payments.
The bottom line is that the new 3-D Secure 2.0 protocol provides merchants and issuers with rich data-backed authentication, allowing them to make intelligent authentication decisions based on their knowledge of customer behavior. This benefits all parties: the legitimate cardholder can make frictionless purchases, and the merchant and issuer can prevent fraud without impeding legitimate sales. As a result, revenue increases, operational costs decrease, and fraud-related losses are reduced. In short, merchants and issuers combat fraud without impeding legitimate transactions.
It’s also worth noting that 3-D Secure 2.0’s inherent multi-factor authentication (MFA) makes it an appealing tool for the European market, which operates under the revised Payments Service Directive (PSD2), which mandates MFA for all transactions. Merchants who do not enable or facilitate multi-factor authentication are held liable in fraud cases, making 3D-Secure 2.0 an ideal solution for reducing liability.
Early adoption of this technology has already begun, and in April 2022, Visa rules for merchant-attempted 3-D Secure transactions were pushed to 3-D Secure 2.0. This allows merchants to test and fine-tune their implementations. The overall effect should be lower fraud and abandonment rates for merchants and a better, more frictionless experience for customers.
Talk to our team to know more about the use cases of 3-D Secure.
We’re giving you a fresh dose of insights, perspectives and the latest trends from the world of payments.