What is 3D Secure (aka 3DS)?
The 3 Domain Secure (3DS) standard provides an additional layer of protection in card-not-present credit card transactions for the three domains involved: Issuer domain of the card issuing bank, the Interoperability domain of the card scheme’s infrastructure and the Acquirer domain of the merchants.
The standard was originally designed by Visa in 2001 and branded as ‘Verified by Visa’. It was later adopted and branded by Mastercard as ‘SecureCode’, JCB as ‘J/Secure’, American Express as ‘SafeKey’ and Diners Club International/Discover as ‘ProtectBuy’.
The development of the new version of the standard, 3D Secure 2.0 (or 3DS 2.0) is being facilitated by EMVCo, a six member consortium comprised of American Express, Discover, JCB, Mastercard, UnionPay and Visa.
3DS 2.0 is more than just an update of an old standard. It is designed with the intent to create a frictionless payment experience for cardholders. It will do this by facilitating a richer cardholder data exchange, allowing risk-based authentication by issuers for low risk transactions, instead of authentication challenges to the cardholder, such that most authentication activity will be invisible to the cardholder.
Recognising the necessity to support new and evolving payment channels, in addition to traditional PC desktop and browser-based transactions, 3DS 2.0 includes the ability to support authentication of app-based transactions on mobile and other consumer connected devices.
3DS 2.0 also supports cardholder verification for non-payment transactions, such as adding a payment card to a digital wallet.
3D SECURE 2.0 FEATURES
• Support for the exchange of additional data during transactions to enable intelligent risk-based decisions by issuers as whether or not to seamlessly authenticate or challenge cardholders
• Simplified and enhanced consumer experience, through the elimination of the disruptive sign-up process during shopping, and removing the need for cardholders to remember static passwords
• Enablement of authentication on a wider set of devices, including mobiles and other consumer connected devices
• Ability for merchants to accept payments across multiple platforms and digital media • Support for non-payment cardholder authentication to facilitate identification and verification for digital wallets and secure request of tokens for “card on file”
• Complemented by the use of token-based and biometric authentication.
3DS 1.0 FLOW
3DS 2.0 Flow
It is anticipated that the frictionless flow of 3DS 2.0 will reduce the rates of transaction abandonment compared to those experienced with 3DS 1.0.2, and increase the uptake of 3DS 2.0 by merchants as it enables them to implement a smarter and consistent approach to accepting payments across multiple platforms and digital media. Likewise for issuers, their risk-based authentication will be enhanced by the richer cardholder data exchange.
Merchants and issuers will also be able to support cardholders making purchases using mobile devices and new channels, while cardholders will be able to make purchases using their preferred medium without compromising on security.
KEY BENEFITS OF 3D SECURE 2.0
MERCHANTS will be able to offer a consistent, easy-to-use service across multiple payment gateway platforms and digital media for authenticating cardholders during eCommerce transactions. This will help improve the consumer experience for cardholders and address the issue of high cart abandonment rates in earlier versions of the standard.
ISSUERS can offer ‘frictionless authentication’ by way of richer data exchanges enabling smarter decisions for risk assessment to challenge the cardholder or not.
CONSUMERS want a convenient and secure service when carrying out eCommerce payments. 3D Secure 2.0, along with the corresponding 3DS Server and ACS technology, will provide these benefits, adding efficiency with little to no impact on applications and payment gateways that customers are already familiar with.
Meeting New Payment Method Requirements
The support of non-browser-based “card not present” payments in 3-D Secure 2.0 will mean that in-app, mobile, and digital wallet payment methods will now be possible.
3-D Secure version 1 was not able to support these, as it was only designed for cardholder authentication in online sales transactions driven by standard web browsers. Additionally, 3-D Secure 2.0 will offer the following enhancements compared to the original 3-D Secure:
- Improved messaging with supplementary information for better decisions on authentication
- Non-payment user authentication
- Non-standard extensions to meet specific regulations and requirements, including proprietary out-of-band authentication solutions, used by card issuers
- Better performance for end-to-end message processing
- Improved datasets for risk-based authentication
- Prevention of unauthenticated payment, even if a cardholder’s card number is stolen or cloned
Take a look on SDK and deeper content here: https://www.emvco.com/emv-technologies/3d-secure/
* Original content from here