3D Secure 2.0: What does it mean?

3D Secure 2.0: What does it mean?

When it comes to making a digital purchase, verifying the transaction and the identity of the consumer becomes increasingly important and challenging. Helping issuers and merchants distinguish good transactions from bad will mitigate fraud, while allowing transactions to continue to happen at lightning speed. 3-D Secure 2.0 is an important advancement in this effort that will help prevent fraud and accelerate digital commerce with fast, secure authentication. Keep reading to learn more about 3D Secure technology.


   1. What is a 3D Secure 2.0 technology?

3D Secure 2.0 technology is a security protocol that adds a layer of protection to card-not-present transactions by verifying the customer’s identity. The newly upgraded 3D Secure 2.0 brings merchants more value than ever before: It supports a wider range of card-not-present, e-commerce, in-app, mobile wallet, and MOTO (mail order telephone order) payments, and uses over 150 customer- and transaction-specific data points to authenticate transactions.


   2. How does 3D Secure 2.0 work?

As mentioned before, 3D Secure 2.0 analyses over 150 key data points, including the merchant’s contextual data, acting as an advanced layer of fraud protection. The cardholder enters their card details at checkout. At this point, the merchant’s 3D Secure service provider sends an authentication request with rich data to the issuer. This data includes a varying amount of cardholder and device information upon regional or market law restrictions, such as device ID, MAC address, geo-location, previous transactions etc.


Then, the issuer’s 3D Secure service provider assesses the transaction risk. If the transaction is determined as high-risk, the transaction goes through a challenge. In other words, it prompts the cardholder to verify their identity using biometrics, and/ or two-factor authentication, i.e., a one-time password, a fingerprint etc. If the transaction is deemed as low-risk, no further action is required on the cardholder’s end. The issuer sends the authentication result to the merchant, who in turn submits the transaction for authorisation with a flag indicating the authentication result.


   3. 3DS 1.0 vs. 3DS 2.0

Most shoppers have experienced, at least once, the limitations of the 3DS 1.0 protocol through non-browser e-commerce transactions; paying on mobile devices or in-app can sometimes be a frustrating experience and not quite user-friendly.


The 3DS 2.0 protocol – created, owned and managed by Visa, Mastercard, UnionPay, American Express, Discover and JCB – has been developed with the goal of improving the overall performance of the 3DS program and supports the payments industry in delivering a global, interoperable and consistent user experience across all e-commerce channels and connected devices. So here are the main features of 3D Secure 2.0:


  • Improved shopping experience 

With more people shopping through apps, 3D Secure 2.0 improves their shopping experience by authenticating app-based transactions quickly and seamlessly.


  • Enhanced data sharing 

It provides enhanced data sharing between the issuer and merchant banks, allowing the issuing card bank to make better risk decisions. 


  • Better authentication 

This new protocol gives the customer better authentication options in risky transactions, like using a biometric or one-time password. 


  • Single authentication 

Rather than clicking through a browser redirection process, 3D Secure 2.0 allows customers to go through a single authentication message flow. The streamlined checkout process improves the experience for customers using mobile devices.


   4. When will 3D Secure 2.0 become mandatory?

A new standard, 3D Secure 2.0 is now being promoted as a solution for SCA under PSD2. Card brands are trying to reduce fraud which is a common goal of the directive. The larger the portion of the ecosystem that they can get to adopt 3DS2 as the solution for PSD2 the better. Which is why they have issued network mandates requiring issuers to implement 3DS2. The SCA requirement came into force on 14 September 2019. However, with the approval of the European Banking Authority, several EEA countries have announced that their implementation will be temporarily delayed or phased, with a final deadline set for 31 December 2020.


   Concluding Remarks

3-D Secure has been around for years and creates an authentication data connection between digital merchants, payment networks and financial institutions to be able to analyse and share more intelligence about transactions. The new 2.0 version of the technology enables a real-time, secure, information-sharing pipeline that merchants can use to send an unprecedented number of transaction attributes that the issuer can use to authenticate customers more accurately without asking for a static password or slowing down commerce. 3D Secure 2.0 is a huge leap forward in the world of online payments. Not only does the technology offer smoother shopping experiences, but it also takes online payment security to a whole different level.