3D Secure represents a user authorisation protocol for card-not-present operations. Visa and MasterCard created it to provide an additional layer of security for e-commerce transactions. This protocol allows for exchanging data between the merchant, the card issuer and, if necessary, the consumer to confirm that the original account holder initiated the transaction. The 3D Secure payment protocol is an effective preventive measure to be taken by e-commerce business owners to protect their businesses and their customers from potential fraudsters and decrease the likelihood of unauthorised charging and chargebacks.
The concept of a 3D Secure technology arose since three domains are involved here: a merchant or an acquirer, who requests the payment card data, a payment system that redirects the payer to a password confirmation page, and the card issuer’s domain or a specialised service, where a confirmation page is formed, and the entered security codes are checked.
A 3DS payment gateway is a gateway that utilises the 3D secure protocol for users' authorisation when they pay for their purchases in an online store. Making an online payment via a 3DS payment gateway, a cardholder should prove their identity by entering a code, temporary PIN, or password.
So, when you use a 3D secure payment gateway, the process of authentication comprises the following steps:
The 3D Secure payment technology minimises card fraud risks for merchants due to the liability shift issuing bank is responsible for the transactions performed with this type of verification. All the authentication data provided by the customers is stored on the payment server of the issuing bank. The online store does not have access to it, except for a part of the information on the payment card details, but in the amount allowed by PCI DSS.
Payment gateway providers take these measures to increase cardholders' data security. If to look at the advantages of 3DS payment gateways for merchants, the main one is decreasing the likelihood of chargebacks. It is important for high-risk merchant accounts and for general business performance health.
3DS 2.0 is a next-generation version of the 3DS protocol developed and owned by EMVCo. It aims to eliminate the pain points of version 1.0 and significantly increase the attractiveness of the technology for market participants, the quality of the assessment of the transaction legitimacy, and the need for its authentication.
Compared to 3D Secure 1.0, the following changes have been implemented in version 2.0:
With 3DS 2.0 updates, merchants can receive more data when interacting with issuing banks and payment gateways. It allows them to collect valuable insights about the transactions after the order is made. For instance, the number of times a customer was redirected to the 3D secure payment page, as well as the percentage of authenticated payments, can provide a complete picture of customer behaviour. This, in turn, provides analysts with important statistics on fraudulent transactions and activities, helping to improve the protection system.
The transition to 3DS 2.0 is objectively necessary against the background of a fragmented payment landscape, including the widespread use of mobile devices, unpredictable changes in user behaviour (for example, due to a pandemic), and higher requirements for usability, stability, and speed of payment instruments.
At Corefy, we empower clients to switch to the new 3D secure payment standard and access its unique advantages. Our integration team has been actively adapting our PSPs connectors to 3DS2, trying to make the transition seamless for a customer. The more providers offer support for 3DS2, the more connectors we can adapt to the new standard.
