Revolutionizing Security with Non-Payment Authentication in 3D Secure 2.0
The upgraded 3D Secure 2.0 protocol is transforming the payments industry by extending its fraud prevention capabilities beyond traditional payment scenarios. This new version supports secure transactions across a variety of channels, including non-browser-based platforms and mobile devices. A key innovation is non-payment authentication, which broadens the protocol’s application.
Understanding Non-Payment Authentication
To appreciate the benefits of non-payment authentication, it’s useful to understand the original 3D Secure protocol. In version 1, cardholders had to verify their identity with the issuing bank through a popup or inline frame during checkout. This process had two main drawbacks:
- User Hesitation: Customers often abandoned transactions due to doubts about the legitimacy of popup windows requesting personal information.
- Compatibility Issues: The protocol was developed before the widespread use of mobile payments, leading to challenges with mobile browsers.
3D Secure 2.0 addresses these issues by improving mobile compatibility and allowing merchants to separate authentication from the payment process. This separation reduces user abandonment rates and enhances the overall customer experience.
Non-Payment Authentication in Mobile Apps
The impact of 3DS 2.0 on mobile payments is significant. Mobile SDKs facilitate the integration of the updated protocol into existing apps, enabling seamless non-payment authentication. For example, in mobile wallets or eWallets, users store their card information securely within the app, allowing for efficient transactions without repeatedly entering card details.
With 3DS 2.0, authentication can occur within the merchant’s mobile application, adding an extra layer of security when users enter card details for future transactions. This integration ensures that authentication takes place in a less intrusive environment, approved by the issuer, providing a smooth and reassuring user experience. Mobile wallet providers can leverage insights from issuing banks through a direct connection to the Directory Server, using 3DS Servers and Mobile SDKs.
Compliance with PSD2
The introduction of PSD2 (the second Payment Services Directive by the European Union) aligns closely with 3DS 2.0 functionalities, particularly regarding Strong Customer Authentication (SCA). SCA requires two or more independent elements from these categories: knowledge (something the user knows), possession (something the user possesses), and inherence (something the user is). This includes methods like One Time Passwords (OTPs), biometric verification, and QR codes.
As PSD2 regulations come into effect, financial institutions must comply with SCA requirements. For merchants and issuers, 3DS 2.0’s non-payment authentication features already align with these regulations, simplifying compliance. Transitioning to a 3D Secure 2.0 ACS server may also be beneficial for banks as they navigate evolving regulatory requirements.
Conclusion
Jonathan Main, Chair of the EMVCo Board of Managers, highlights that while security is a priority, enhancing the consumer experience is equally important. 3DS 2.0’s non-payment authentication capabilities support a seamless customer journey, improving security across various platforms beyond traditional web browsers. By integrating these advancements, merchants and issuers can effectively meet payment regulations like PSD2 and contribute to a safer online environment for consumers.