3DS is a security protocol for online payments aimed at reducing fraud. The abbreviation stands for 3-domain secure, meaning it involves three parties: the acquiring bank, the issuing bank, and the payment infrastructure. It was implemented back in 2001 when the only way to shop online was by using a computer.
Technologies have changed a lot since then, giving space for e-commerce growth, digitalisation, development of new payment methods, and thus new regulations. The fraudsters have also become much more inventive. Altogether, it created a need for a new, more advanced and relevant security standard.
3DS2 was created in 2015 and is now considered a requirement for Strong Customer Authentication under PSD2. In this article, Corefy gathered the new standard’s main benefits. But first, let’s learn what 3DS2 is.
What is 3DS2?
3DS2 is a next-generation version of the security protocol developed and owned by EMVCo (American Express, Discover, JCB, Mastercard, UnionPay, and Visa). It aims to eliminate the weaknesses of the first version and significantly increase the attractiveness of the technology in general for market participants, the quality of the assessment of the transaction legitimacy, and the need for its authentication.
Please find out more about the 3DS2 protocol in our Glossary!
Top 10 pros of 3DS2 implementation
1. Robust security
The new standard implies increased security, as instead of static passwords, it suggests using strong customer authentication measures, like token-based or biometric authentication.
2. Streamlined user experience
Frictionless flow is one of the main advantages of 3DS2. It empowers customers to authenticate themselves without being challenged. A process called risk-based authentication makes that possible. It evaluates the risk associated with the transaction and only involves the customer for verification if it is not low enough. In any other case, a customer enjoys the most seamless checkout experience ever imaginable.
3. Higher approval rates
In order to enable risk-based authentication, merchants send extensive data regarding each transaction. It allows the issuer to determine whether or not to challenge a customer for authentication. 3DS2 expands the list of intelligence to be collected by ten times so that the bank can evaluate a transaction’s risk more accurately. Therefore, Mastercard expects around 95% of transactions to be approved right away.
4. Increased conversion
Everything abovementioned сontributes to the significant reduction of cart abandonment rate. In fact, Visa forecasts this rate will drop by 66%, facilitated by reduced payment transaction time, absence of explicit redirect, and mitigation of the password-related risks.
3DS2 goes far beyond desktop-oriented 3DS1. It adds support for in-app authentication and ensures challenge screens compatibility with mobile devices. Challenge screens can also be adapted to the look and feel of a merchant’s website or app.
6. Liability shift
Merchants will reap the benefits of additional protection thanks to the liability shift. With 3DS2, the liability for fraudulent chargebacks shifts from them to the issuer.
7. Lower fees
Mastercard will reportedly double its Auth Fees for non-3DS2 transactions starting from October 2020, with Visa expected to follow suit. What a compelling argument in favour of switching.
8. The use of biometrics
As we’ve already mentioned, 3DS2 turned down static passwords, replacing them with one-time passcodes and biometrics. The latter means that customers can verify themselves using fingerprint, face or voice recognition if their devices permit.
9. White lists
Issuers can add their trusted, reliable merchants to White lists and automatically approve their exemptions requests for all flagged transactions. This mechanism will foster all participants’ responsibility and accountability in running their operations.
3DS2 is a requirement of PSD2 SCA, so if your business falls within the Directive’s scope, you have to implement it. Moreover, PSD2 is a guiding star for authorities worldwide when it comes to payment industry regulation. It means that by being compliant with its requirements, a business will most likely be able to expand globally without drastic compliance hassles.
3DS2 and Corefy’s ecosystem
We at Corefy are interested in empowering our clients to switch to the new security standard and gain access to its unique advantages as soon as possible. That’s why our Integrations team has already been actively working on adapting our PSPs connectors to 3DS2, trying to make the transition seamless for a customer. The more providers offer support for global payments 3DS2 compatibility, the more connectors we can adapt to the new standard.
Photo credit: shutterstock.com