Staying up to date with 3-D Secure 2: What you need to know.

The increasing sophistication and adoption of the internet and the technology associated with it have led to a sea change in consumer shopping behaviors. Now more than ever, people feel comfortable making electronic purchases of merchandise that can be delivered to them quickly, sometimes within a matter of hours.

An innovation from global technical body EMVCo called 3-D Secure 2 is helping to reduce the risk that these shoppers will become the victims of online fraud.

What is 3-D Secure 2?

In order to combat cybercrime, security professionals continue to come up with ever-more complex strategies to verify the identity of users and proactively detect and prevent online fraud. 3-D Secure 2 (3DS2) is an enhancement of the original 3-Domain Secure protocol that was introduced by Visa in 1999 and was designed to ensure that the entities submitting online payment processing were who they said they were.

The new protocol builds on the two-factor authentication introduced with its predecessor and also addresses the challenges of paying with multiple types of devices.

The three domains involved include the acquirer domain (referring to the bank and merchant receiving the funds), the issuer domain (the bank that issued the shopper’s credit card), and the interoperability domain (the elements involved in enforcing 3DS such as the internet, the access control server and the merchant’s ecommerce plugin).

When 3-D Secure 2 is in place, more than 100 key data points are examined to provide all players in the payment process an added layer of protection against fraud.

How 3-D Secure 2 works.

As soon as the user enters their credit card details during the checkout process, the company that provides the merchant with 3D security sends a request to the issuer to authenticate the customer’s identity.

This correspondence is made up of specific cardholder and device information. Upon receipt, the issuer’s 3D security provider assesses the level of risk that the transaction poses. If determined to be high, the customer will be required to verify their identity with biometric details and/or a passcode. If deemed low-risk, no action will be mandated.

In both cases, the transaction is sent to the merchant, who subsequently submits it for authorization.

Who supports 3-D Secure 2?

Most of the major credit cards are on board with 3DS 2. Each tends to identify it with its own branded name: Mastercard Identity Check, Visa Secure, American Express SafeKey, J/Secure for JCB members, and ProtectBuy for Discover and Diners Club patrons.

Benefits of  3-D Secure 2.

A great deal has changed since the first version of 3-D Secure was released in 1999. Back then, desktop computers were the primary vehicles used for online shopping. Frequently, users were not even able to use the 3DS protocol unless and until they provided their bank with a static password that was associated with their credit card.

Whenever customers lost this information, they needed to contact the bank for a reset, resulting in frustration, added operational costs, and a tendency for many shoppers to drop out of the program altogether.

When 3DS 2 was released, it delivered the following benefits. 

• An increase in the consistency of the user experience across all types of devices, including mobile phones.
• Enhanced data exchange that further helps to prevent identity theft, fraud, and other types of cybercrime.
• A more frictionless payment experience for the shopper. The entire process happens in the background, minimizing confusion and promoting efficiency and customer trust.

When 3-D Secure 2 authentication fails.

In the vast majority of purchases, transactions flow seamlessly and are authorized in a matter of seconds. However, there are instances when a secure transaction is rejected, the purchase does not go through, and the customer is not charged. This can happen for the following reasons.

• The customer’s bank does not support 3DS or 3DS 2 authentication.
• The customer has entered incorrect authentication details.
• Due to technical difficulties with the 3DS protocol, it is not available at the time the transaction is attempted.

In the last two of these instances, attempting to process the payment again can often resolve the problem.

The advantages of implementing 3DS 2.

The 3-D Secure 2 protocol facilitates frictionless, safe payments, helping to reduce the risks inherent in online shopping for merchants and customers. In addition, advantages include the following.

• More intuitive. When questions arise about a shopper’s identity, the person can easily verify it with information including their biometric information and passcodes.
• Lightning-fast exchange of rich data to authenticate the payment. Within just seconds, as many as 100 pieces of information can be sent to assess the risk of an impending payment. In most cases, the transaction will go through without an additional challenge thanks to this enhanced flow of details.
• Reduced chance of fraud. Heightened precautions mean that cybercrime can be prevented before it happens.
• The merchant is no longer held liable for chargebacks when 3DS 2 is in place. The onus has been transferred to the cardholder’s bank.
• Fewer false declines. Access to numerous key data points makes it possible for legitimate transactions to be accepted and bogus ones declined much more reliably, with a lower number of transmission errors.
• Fewer instances of shopping cart abandonment. Customers tend to abort a purchase when they become frustrated with the checkout process. Too many questions and challenges that seem unreasonable can cause people to click away, potentially forever. With the risk-based approach of 3DS 2, only a very small minority of flagged transactions require additional identity verification.

In the years to come, ecommerce seems poised to gain even more popularity. Thanks to the enhanced security and streamlined quality that 3DS 2 offers, consumers will doubtless continue to take advantage of the growing convenience and safety to be found in making purchases of goods and services online.

If you have not already incorporated 3-D Secure 2 from EMVCo into your business model, think about the many advantages that doing so will bring to you and your valued customers. Then talk to your payment processor to get started as soon as possible!