
What Are the Differences Between 3DS2 & 3DS1?

A major benefit of 3D Secure is that it protects both users and merchants from the threat of payment fraud. The 3D Secure standard was developed by MasterCard and Visa to provide a layer of security to online debit and credit card transactions. The first version of 3D Secure is known as 3D Secure 1, and the second version is known as 3D Secure 2.

Both versions work in similar ways: they require users to verify their identity before completing a transaction on an eCommerce site. This step adds an extra layer of protection for customers because it requires them to enter their personal information into a secure portal before completing their purchase.

What is 3DS 1? 

The original version (3DS1) can support SCA compliance for PSD2. But even though it was compliant, it was unpopular with merchants because the user experience was varied and often led to shopping cart abandonment by consumers due to pop-up windows and perceived security issues.

3DS1 provided merchant fraud liability protection. But from October 2021, 3DS started to be decommissioned by the card schemes, and 3DS1 was sunset by the card associations in October 2022.

What is 3DS 2? 

If you’re a merchant, you probably already know that the latest version of 3DS2 has a lot more data-handling capabilities than the previous version. That’s great news—but what does it mean for you? 

Well, it means that issuers are going to be able to trust your transactions even more than before! Instead of relying solely on static passwords, they'll be able to use dynamic authentication via token-based and biometric methods. With all of that additional information, issuers will be able to implement frictionless authentication, also known as frictionless flow, to automatically approve your transaction.

What are the differences between 3DS 2.1 & 3DS 2.2? 

  • The capacity to support exemptions is one significant distinction between 3DS 2.1 and 2.2.

    Both versions allow risk-based authentication, for example to support issuer exemptions via the aforementioned frictionless flow.

    Additionally, 3DS 2.2 enables retailers to submit an exemption request to their acquirer. To request a low-risk exemption, the merchant or payment service provider can use Transaction Risk Analysis (TRA) and use this data. It also enables trusted merchants to ask for an exemption.

    It's crucial to remember that the schemes differ in certain respects. Mastercard has declared that it will activate the TRA-based low-risk exemption. On 2.1, Visa won't permit this, but it will permit the secure corporate transaction exemption.

  • Delegated authentication and decoupled authentication are both supported by 3DS 2.2. 

    What is Delegated Authentication? 
    Usually, the issuing bank handles the authentication. Delegated authentication refers to the option that issuers have to hand over authentication to a third party. This could be a retailer, an acquirer, or a provider of a digital wallet. 
    How does this work? For example, a merchant could perform SCA (Strong Customer Authentication) at login using FIDO authentication. There is no need to authenticate because the issuer may use this information to verify the customer's identity. This would result in significantly less friction, improve the consumer experience, and give the business more control over how SCA is carried out. You may learn more about the delegated authentication requirements for Visa here (page 503).
      
    What is Decoupled Authentication? 
    Despite having a similar name, this is not the same as delegated authentication. 
    When a user performs authentication using a technique that is distinct from the main authentication procedure, this is known as decoupled authentication. This is still possible even when the cardholder is offline. A sample use case is a customer completing SCA on their smartphone to authorize access from another device, for instance a desktop machine.

Conclusion

As ecommerce continues to evolve, so too does 3DS technology. The new 3DS2 protocol is a huge leap forward in the world of online payments. 3DS2 is the payment method of the future. It combines all of the benefits of 3D Secure 2, which is already widely used by banks, issuers and merchants to protect against fraud and increase security. It also integrates with the merchant's experience at checkout time in order to create a seamless flow of payment.

According to Visa, merchants and issuers should support both 3DS2 versions so that stakeholders can respond to every message version and increase the number of successful transactions for users.
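
An added example, not from the original post or from any card scheme: a pre-flight check a 3DS server could run when supporting both versions, so that an exemption request introduced with 2.2 is not sent on a 2.1 message. It assumes the EMV 3DS field names `messageVersion` and `threeDSRequestorChallengeInd`, an ACS version range as reported per card range, the 2.2.0 indicator codes 05 to 09, and a hypothetical fallback policy; scheme-specific rules such as those mentioned above are not modelled.

```python
# Added example. Field names and indicator codes are assumed from the EMV 3DS
# specification; the fallback policy and sample data are constructed.

# threeDSRequestorChallengeInd values introduced with message version 2.2.0
V22_ONLY_INDICATORS = {
    "05": "no challenge requested: TRA already performed",
    "06": "no challenge requested: data share only",
    "07": "no challenge requested: SCA already performed",
    "08": "no challenge requested: trusted-merchant (whitelist) exemption",
    "09": "challenge requested: whitelist prompt",
}
SUPPORTED = ("2.1.0", "2.2.0")  # versions this hypothetical 3DS server speaks


def _v(version):
    """Turn '2.2.0' into (2, 2, 0) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def negotiate_version(acs_start, acs_end):
    """Highest version we support inside the ACS range, or None."""
    usable = [v for v in SUPPORTED if _v(acs_start) <= _v(v) <= _v(acs_end)]
    return max(usable, key=_v) if usable else None


def prepare_areq(areq, acs_start, acs_end):
    """Return (areq_copy, notes) with the version set and indicator adjusted."""
    version = negotiate_version(acs_start, acs_end)
    if version is None:
        raise ValueError("no common 3DS2 message version for this card range")
    out = dict(areq, messageVersion=version)
    notes = []
    ind = out.get("threeDSRequestorChallengeInd")
    if ind in V22_ONLY_INDICATORS and _v(version) < _v("2.2.0"):
        # Assumed fallback: map to the closest code that exists in 2.1.0
        # (03 = challenge requested, 02 = no challenge requested).
        out["threeDSRequestorChallengeInd"] = "03" if ind == "09" else "02"
        notes.append(f"{ind} ({V22_ONLY_INDICATORS[ind]}) not valid in {version}")
    return out, notes


# Constructed sample: a merchant asking for the TRA-based low-risk exemption.
SAMPLE_AREQ = {"messageType": "AReq", "threeDSRequestorChallengeInd": "05"}
```

Logging the returned notes shows how often an intended exemption request was downgraded because the issuer's ACS only supports 2.1.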