3D Secure 2.0 and Card Schemes
Modern financial technology has introduced a range of innovations, including peer-to-peer lending platforms, virtual financial tools, e-commerce sites, and mobile trading apps. While these advancements have greatly improved convenience and utility, they have also heightened concerns about security.
3D Secure 1.0, initially designed to protect credit and debit card transactions, used an XML-based protocol where users had to verify their transactions with a static password. Although effective in reducing fraud, especially for merchants, 3D Secure 1.0 had limitations, particularly affecting user experience and conversion rates in browser-based transactions.
To address these issues, 3D Secure 2.0 has been developed by EMVCo, a consortium of leading global payment companies, including American Express, Visa, and MasterCard. This updated protocol replaces static passwords with biometric authentication and extends support to mobile, in-app, and digital wallet transactions. It features advanced functionalities like end-to-end message processing and risk-based authentication.
Implementation of 3D Secure 2.0 by Major Card Schemes
To ensure secure online transactions and enhance protection against fraud, major global payment companies under EMVCo have adopted 3D Secure 2.0. Here’s how each card network implements this solution:
Visa - Verified by Visa
Visa’s Verified by Visa service uses 3D Secure 2.0 to bolster online payment security. It employs two methods for verification:
- Direct Cardholder Verification: Visa seeks additional information directly from the cardholder to confirm their identity.
- Behavioral Analysis: The system examines payment behavior to identify any irregularities.
These mechanisms work together to confirm transactions only after comprehensive background checks, reducing the risk of fraudulent activity and ensuring that personal card details remain secure.
MasterCard - Identity Check
MasterCard’s Identity Check utilizes 3D Secure 2.0 to provide robust authentication. The system supports biometric verification and two-factor authentication across all card-not-present platforms and multiple devices. The goal is to address the growing issue of online shopping abandonment and improve the overall e-commerce experience, thereby boosting conversion rates.
By implementing 3D Secure 2.0, these card networks aim to offer secure, seamless online transactions while addressing the evolving needs of digital payments.
American Express SafeKey 2.0
American Express SafeKey 2.0 is an advanced authentication tool designed to enhance user identity verification. Utilizing dynamic one-time passcodes and risk-based authentication, SafeKey 2.0 adheres to 3D Secure 2.0 specifications. This approach significantly reduces the need for frequent password requests, thereby improving customer experience by mitigating the frustrations associated with complex authentication procedures.
J/Secure by JCB
J/Secure, developed by Japan Credit Bureau (JCB), is a payer authentication service that aligns with 3D Secure 2.0 standards. It enhances security by employing password authentication, thereby reducing the risk of card information being compromised during transactions. JCB ensures that this additional security step does not significantly increase processing times, maintaining a premium online customer experience. Merchants also have the option to use other authentication services, provided they comply with EMV specifications.
Discover ProtectBuy (Diners Club)
Discover ProtectBuy enhances security by generating a temporary identification code, which is sent directly to the user’s preferred contact method. This code is requested only for transactions deemed ‘high-risk’, protecting users from potential fraud. The system operates in real-time, allowing users to shop with peace of mind, knowing they are safeguarded against fraudulent activities.
UnionPay 3D Secure 2.0
UnionPay has implemented 3D Secure 2.0 to enhance online shopping security and user data protection. The payment page provides clear, step-by-step instructions for completing transactions seamlessly. After entering the card number and other required details, the transaction is not finalized until a password authentication process is completed. During this process, shoppers receive a one-time PIN code that expires within 60 seconds. UnionPay’s extensive experience in secure payment solutions has made it a leading technological partner in the development of EMVCo.’s future frameworks.