Frictionless Flow with 3D Secure 2.0
Enhancing Security and User Experience
For 16 years, the 3D Secure protocol has provided an additional layer of security for online transactions, verifying cardholders’ identities directly with issuing banks to prevent fraudulent chargebacks. While it has effectively protected both customers and merchants, users often find the process inconvenient and sometimes confusing—much like taking medicine that’s necessary but not always pleasant.
Challenges with the Original Protocol
Despite the growing risks of online fraud, many consumers have not experienced these threats directly. As a result, they might view authentication steps during checkout as unnecessary or even as potential security threats if they are unfamiliar with them. This can lead to abandoned transactions and decreased conversion rates, causing merchants to be reluctant to adopt the protocol. However, as online fraud continues to evolve, the need for robust security measures like 3D Secure remains crucial.
Introducing 3D Secure 2.0
EMVCo addresses these issues with the 3D Secure 2.0 specification, which brings several improvements:
- Mobile Integration: Simplified integration through SDKs enhances the 3DS experience on mobile platforms.
- Non-Payment Authentication: 3DS 2.0 supports authentication for scenarios beyond payments, such as entering card details into mobile wallets.
- Strong Customer Authentication (SCA): Includes methods like One Time Passwords and biometric verification to comply with regulations such as PSD2.
- Frictionless Flow: Uses risk-based authentication to reduce interruptions during transactions.
Understanding Risk-Based Authentication
Risk-based authentication evaluates each transaction’s risk to determine if additional authentication is needed. Factors considered include:
- Transaction value
- Customer’s status (new or existing)
- Transactional history
- Behavioral patterns
- Device information
For instance, if a new card is used without any previous transaction history, the risk is higher, and additional authentication will likely be required. Conversely, if a customer with a purchase history uses a new device, authentication might be necessary to address the risk associated with the unfamiliar device.
Enhancing Seamless Transactions
With Risk-Based Authentication, transactions can be approved without cardholder interaction if the risk is low. When a purchase is made, details like device specifics and transaction amount are sent to the ACS server. The ACS assesses the risk and, if deemed low, authenticates the transaction passively, allowing the customer to proceed without additional steps. This improves the shopping experience by minimizing disruptions and reducing drop-off rates.
Conclusion
3D Secure 2.0 represents a significant advancement, offering seamless integration for merchants, enhanced protection across platforms, and improved user experience. By reducing cart abandonment and providing deeper insights into transactional behaviors, it supports both compliance with PSD2 regulations and the overall security of online payments. As Mike Lemberger, Senior Vice President at Visa, notes, “Through our leadership in advancing 3DS 2.0, we deliver an upgraded authentication service that enhances both the speed and security of payments. This is particularly beneficial for European retailers striving to minimize cart abandonment rates in the e-commerce sector. Additionally, this update equips merchants with essential tools to ensure compliance with PSD2 regulations for card payments, a significant advantage that should be highly valued.”