3DS 2.0: understanding the new approach to authentication.
3D Secure (3DS) is an additional layer of security provided by American Express, Visa, Mastercard, and Discover to enable stronger protection for online debit and credit card transactions. During the first iteration of this standard, customers were directed to their issuing banks’ pages to verify their identities during the payment process. More recently, 3DS 2.0 has been augmented to become 3DS 2.2.
Several years back, 3D Secure was rolled out to help safeguard the payment arena. In many respects, this rollout was successful. For one thing, businesses were given a more robust way to verify that a customer was legitimate. Furthermore, liability for any fraud that did occur during a 3D Secure transaction was shifted off of the shoulders of the merchant and onto the customer’s bank. All that being said, the authentication process was clunky, false declines were rampant, and there was no way for a merchant to opt out.
By way of contrast, the new 3DS2 protocol corrects many of these lapses. Trusted consumers do not need to go through the authentication process, it integrates with mobile apps and browsers alike, more data points can be shared with the issuer to reduce false declines, and merchants can opt out if desired. This leads to more flexibility, a seamless and secure payment processingexperience, and happier customers.
Frictionless 3D Secure payments.
When a consortium of six major credit card networks known as EMVCO released their latest version of 3D Secure, their intention was to strengthen authentication protocols while simultaneously making the user’s purchases flow more smoothly. As the name implies, the so-called frictionless 3D Secure leads to a much easier payment experience from start to finish. Thanks to this update, merchants and their payment providers can include many more pieces of data when sending a payment transaction through to the customer’s bank. This information can include basics such as email and shipping addresses as well as other relevant contextual facts, such as the customer’s device ID or information about previous transactions. This data is by no means trivial; it can be used by the cardholder’s bank to determine whether the customer is legitimate and the transaction should be allowed to go through, or alternately, if additional authentication information is required before the sale is completed.
No longer must a trusted customer remember a PIN or be redirected to another site for authentication. Instead, they simply enter their credit card information and other payment details onto the checkout page where a JavaScript code has been inserted. The consumer’s sensitive information (as well as their digital footprint) are then transmitted to the cardholder’s issuing bank. As long as the card is validated and the transaction is approved, it is considered to be 3D Secure Verified; otherwise, the consumer will need to provide additional Strong Customer Authentication (SCA). This SCA verification must consist of at least two of the following three components: knowledge (something only the user knows such as a PIN), possession (something only the user has such as a smartwatch) and inherence (something related to the user that cannot be changed, such as a fingerprint). Whether the SCA is immediately accepted or the customer needs to pass these further challenges, the merchant is not liable for the costs if fraud should occur.
An enhanced user experience.
By the time 3DS2 came into being, mobile technology already reigned supreme. Consequently, this standard quickly improved the identity verification experience for all of the relevant players in this digital milieu. For instance, all banks provide mobile apps that enable customers to access information and services via their smartphones. With 3DS2, gaining access to these apps via authentication methods has been made both easier and more secure. As a result, consumers can now verify their identity using biometric data such as a fingerprint or even facial recognition. In addition, checking out no longer involves those unsettling redirects to foreign pages; the entire experience is contained within the merchant’s checkout section.
This enhanced SCA verification will benefit everyone. Customers will be pleasantly surprised to encounter a faster, less frustrating, and more secure payment processing experience. Meanwhile, merchants will encounter fewer chargebacks because the “not authorized” reason code no longer applies. Thanks to 3D Secure 2 protocols, most payments can be completely processed and verified according to PSD2’s SCA requirements without the customer needing to take any additional steps. Behind the scenes, their data can be silently authenticated with the card issuer. In the event that extra verification is required from the customer, 3D Secure 2 also allows for the use of biometrics and PINs.
How Inovio fits the scoops.
While there is no doubt that complying with the updated 3D Secure standards is a positive game-changer for buyers and sellers alike, doing so can still be a challenge for businesses. Fortunately, all of our systems are fully updated, and our expert team of knowledgeable staff is ready to give you any information and training you need. No matter where in the world your company is based, or the nature of the industry in which you operate, we can outline all of the authentication protocols and their exceptions to ensure that your payment systems and procedures are fully 3DS 2.0 compliant from the start. When you possess this knowledge, you can accurately determine when you must deploy additional authentication challenges and when you can forego them while still remaining compliant. The result is a more seamless payment experience for customers and financial savings for you. Now that 3DS 2.0 is the accepted standard, let us help you make the most of its benefits.