What is 3DS 2.0 and how has it reshaped card payment acceptance?
Implementing 3DS 2.0 will improve fraud prevention and enhance checkout security for your customers. Learn what it is and how it differs from 3DS 1.0.
3D Secure 2.0 is the most recent EMVCo security standard, VISA, and Mastercard’s solution for compliance with the new Strong Customer Authentication (SCA) technical standards mandated by PSD2. Implementing 3DS 2.0 will enable you to comply with rules for Strong Customer Authentication for eCommerce transactions.
This is your all-you-need-to-know guide to 3DS v2.
- 3DS v1.0 was widely acknowledged to have been problematic, adding friction to the online checkout process and driving up cart abandonment rates.
- 3DS 2.0 solved many of these problems, automatically sharing data points with merchants to enable smarter, faster risk management.
- 3DS v2 replaced static passwords with more secure alternatives like one-time passcodes and biometric authentication.
- 3DS 2.0 is a useful tool for achieving Secure Customer Authentication compliance, which is mandatory for all transactions made in the EU and UK.
What is 3DS 2.0?
3DS 2 (3D Secure version 2) is an advanced payment authentication protocol that adds a layer of security to online card transactions by enabling risk-based and frictionless authentication, often using biometrics or one-time passwords to verify the cardholder’s identity.
3DS 2.0 improves fraud prevention by sharing more than 150 data points between merchants and issuers for every single transaction. These include device details, behavioral insights, and purchase history, allowing issuers to analyze every transaction in real time to generate a more accurate risk profile of the payment than a simple password authentication. These checks run in the background to prevent repetitive, arduous input from the consumer.
Security improvements are implemented using strong customer verification methods, including biometrics, tokens, and device-level authentication, replacing static passwords used in 3DS v1. These authentication methods provide seamless compliance with regulations like PSD2 and Strong Customer Authentication.
3DS 2.0 focuses on streamlining online payments to reduce friction, without compromising security. Popups and redirects can be reduced because only the highest-risk transactions will be flagged for additional user authentication. The lack of friction resulting from this change in procedure vastly improves the consumer experience.
3ds 1.0 vs 3DS 2.0
So, what has improved with 3DS v2?
3DS v1
Under 3DS v1, merchants (and customers) frequently complained about high-friction user authentication experiences during checkout. Many believe these hindrances were a principal reason for cart abandonment and a fall in conversion rates.
These concerns were exacerbated by the proliferation of new technology, particularly mobile commerce. Shopping on mobile phones redefined consumer preferences and experiences, though 3DS 1.0 was unable to keep pace with these changes.
Ultimately, poor customer experience and security weaknesses meant the protocol was no longer suitable for the modern marketplace.
3DS v2
3DS 2.0 replaces password-based authentication with systems that are not only stronger but also designed with the ultimate user experience in mind.
When a cardholder makes an online payment under the new protocol, it generates over 150 data points, shared between the merchant and the issuer to provide the issuer with a much clearer picture of the transaction's validity. This data is used by the issuer to generate a more accurate risk profile for the payment, making it more secure and seamless. The lack of friction that results from this change in procedure vastly improves the consumer experience.
3DS 2.0 and strong customer authentication
Under PSD2, Strong Customer Authentication (SCA) replaces static passwords with ‘two of three factor’ authentication: ‘what you know’, ‘who you are’, or ‘what you have’. By placing biometrics (‘who you are’) at the center of the verification process, merchants are better equipped to manage the authentication process more seamlessly for mobile commerce, which is key to online retail customer experience. And by giving consumers the choice as to how they verify their identity, even the process of verifying high-risk transactions is a huge upgrade on the current system.
It is important to note that SCA compliance is now mandatory for all payments made within the EU and the UK. Failure to process payments in accordance with SCA can result in rejected transactions, penalties, and lost revenue. Implementing 3DS 2.0 is a vital step towards achieving SCA compliance for all transactions.
How does Paysafe support 3DS 2.0
Paysafe supports 3DS 2.0 by enabling merchants worldwide to secure online payments and achieve Strong Customer Authentication (SCA) using the updated protocol, verifying transactions through two-factor authentication with tools like passwords, devices, or biometrics.
Integration is streamlined with Paysafe’s single API, offering plug-and-play setup and customizable payment solutions alongside dedicated 24-hour support, allowing merchants to easily implement and upgrade to 3DS 2.0 for compliance with PSD2 and to minimize fraud on the global stage.
Learn more about Paysafe’s 3DS 2.0 solutions.
3ds 2.0 FAQs
What does 3DS mean in payments?
3DS (3D Secure) is an authentication protocol that adds an extra layer of security to online card transactions by requiring users to verify their identity using a password, one-time passcode, or biometric authentication. The “3D” refers to the three ‘domains’ involved: the card issuer, the merchant, and the infrastructure supporting the authentication.
What is the latest version of 3D Secure?
The latest version of this security and authentication protocol is 3DS v2.0.
What are the disadvantages of 3D Secure?
3D Secure introduces some checkout friction, leading to higher cart abandonment rates. However, the latest iteration, 3DS 2.0, has made significant efforts to reduce friction compared to its predecessor, v1.0.
