How does 3D Secure work

So how does 3D Secure work? Payer authentication, or 3D Secure, is a security protocol designed to verify a cardholder’s identity when they use a credit card for online purchases.

How exactly does 3D Secure work for your business?

3D Secure (3-Domain Secure) adds an extra layer of security in online payment processing and is available through Visa as ‘Verified by Visa’ and Mastercard as ‘Mastercard SecureCode’. When the customer attempts to make an online payment, a password or authentication code is requested to complete the payment. In greater detail, the customer is redirected to the card provider’s website, where they enter either a password that they have already set with their bank or an authentication code that they receive on their mobile phone. If they enter the correct details, the card provider approves the payment and the customer is directed back to the merchant’s website.

Merchants can find this security solution in their payment processor’s gateway, along with other fraud prevention tools. For instance, Powercash21 encourages its merchants to implement 3DS in order to minimize fraudulent transactions and manage payment risk for both their company and their customers. In addition to the 3D Secure feature, Powercash21 has developed a 3D Secure risk engine. This allows sellers to customize how the 3D Secure protocol should be used based on parameters like country or user BIN, currency, geo-conflict and so on. Through the customization process, merchants can separate high and low-risk traffic and only demand payer authentication from high-risk customers.
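The kind of rule evaluation such a risk engine performs can be sketched as follows. This is an added example, not Powercash21's code or API: the `Transaction` fields, the `require_3ds` function, the policy sets and the reading of "geo-conflict" as disagreement between billing, IP and BIN country are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed policy values for illustration only (hypothetical, not Powercash21 settings).
HIGH_RISK_COUNTRIES = {"ZZ"}            # placeholder country code
HIGH_RISK_BINS = {"411111"}             # BIN of a constructed test card number
LOW_RISK_CURRENCIES = {"EUR", "GBP"}

@dataclass
class Transaction:
    card_number: str
    currency: str
    billing_country: Optional[str]   # from the checkout form
    ip_country: Optional[str]        # from IP geolocation
    bin_country: Optional[str]       # issuer country looked up from the BIN

def require_3ds(tx: Transaction) -> Tuple[bool, List[str]]:
    """Return (challenge, reasons). Any reason routes the payment through 3D Secure."""
    reasons = []
    countries = (tx.billing_country, tx.ip_country, tx.bin_country)
    if None in countries:
        # Fail closed: a missing signal is treated as high risk, not as a match.
        reasons.append("missing_geo_data")
    else:
        if len(set(countries)) > 1:
            reasons.append("geo_conflict")       # assumed meaning: the signals disagree
        if HIGH_RISK_COUNTRIES & set(countries):
            reasons.append("high_risk_country")
    if tx.card_number[:6] in HIGH_RISK_BINS:
        reasons.append("high_risk_bin")
    if tx.currency.upper() not in LOW_RISK_CURRENCIES:
        reasons.append("currency_not_allowlisted")
    return bool(reasons), reasons

# Constructed sample traffic.
SAMPLES = {
    "domestic": Transaction("5500000000000004", "EUR", "DE", "DE", "DE"),
    "conflict": Transaction("5500000000000004", "EUR", "DE", "FR", "DE"),
    "no_geoip": Transaction("5500000000000004", "EUR", "DE", None, "DE"),
    "risky_bin": Transaction("4111111111111111", "USD", "DE", "DE", "DE"),
}

if __name__ == "__main__":
    for name, tx in SAMPLES.items():
        print(name, require_3ds(tx))
```

Returning the reasons alongside the decision lets the merchant log why a payment was challenged and tune the rules against observed fraud and abandonment.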

What is PSD2 and how does it affect 3D Secure?

PSD2 is a revised Payment Service Directive enacted by the European Commission in January 2018. The directive is scheduled to take full effect on September 14, 2019, with the aim of protecting customers during online and mobile transactions. The new mandates established by the European Commission (EC) under PSD2 affect not only European merchants but also any global merchant with a European customer base. As a result, numerous non-EU governments have implemented some of the European Commission’s mandates to enhance security for remote transactions in their country.

By the time PSD2 takes effect, providers should implement a series of technical requirements, including Strong Customer Authentication (SCA), which ensures that at least two identifiers are used to authenticate e-commerce transactions. A PSD2-approved SCA transaction should combine two or more of the following elements:

  1. Knowledge – something that only the user knows. Examples include passwords, passphrases, a PIN, and so on
  2. Possession – something that only the user possesses. For instance, a mobile phone, a wearable device, a smartcard, and more
  3. Inherence – this relates to a customer’s various attributes. Examples include the user’s fingerprint, facial features (e.g. smile), voice patterns, and so on.
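The two-element rule is about distinct elements, so two factors from the same element (a password plus a PIN) do not satisfy it, and a factor that failed verification cannot count. The check below is an added example, not part of PSD2 or of any provider's API; the factor names are taken from the examples in the list above, and `FACTOR_ELEMENT` and `sca_satisfied` are hypothetical names.

```python
from typing import Iterable, List, Tuple

# Factor-to-element map built from the examples listed above (names are assumptions).
FACTOR_ELEMENT = {
    "password": "knowledge", "passphrase": "knowledge", "pin": "knowledge",
    "mobile_phone": "possession", "wearable_device": "possession",
    "smartcard": "possession",
    "fingerprint": "inherence", "facial_features": "inherence",
    "voice_pattern": "inherence",
}

def sca_satisfied(results: Iterable[Tuple[str, bool]]) -> Tuple[bool, List[str]]:
    """results: (factor_name, verified) pairs from one authentication attempt.

    Returns (ok, elements), where elements are the distinct SCA elements that
    were successfully verified. Unknown factor names are rejected rather than
    silently counted, so a typo or a new factor type cannot inflate the count.
    """
    elements = set()
    for name, verified in results:
        key = name.strip().lower()
        if key not in FACTOR_ELEMENT:
            raise ValueError(f"unrecognised factor: {name!r}")
        if verified:  # a presented-but-failed factor contributes nothing
            elements.add(FACTOR_ELEMENT[key])
    return len(elements) >= 2, sorted(elements)

if __name__ == "__main__":
    # Constructed attempts.
    print(sca_satisfied([("password", True), ("pin", True)]))
    print(sca_satisfied([("password", True), ("mobile_phone", True)]))
    print(sca_satisfied([("password", True), ("fingerprint", False)]))
```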

The arrival of the SCA mandate and the lack of standard protocols have forced major card companies (e.g. Visa, Mastercard), along with the EMVCo body, to create new online standards and incorporate them in an updated product called EMV 3D-Secure or 3D-Secure 2.0.

From 3D Secure 1.0 to EMV 3D Secure

The updated version of 3D Secure will analyze data with the use of artificial intelligence (AI) and machine learning tools in an effort to identify purchasing patterns and require a stronger user authentication for high-risk transactions.

This strategy will reduce the frustration and payment security concerns that customers experienced because of the series of prompts they encountered during online payments. With EMV 3D Secure/3D Secure 2.0, merchants and acquirers will determine how tolerant they will be with authentication challenges, after assessing the authentication request and applying their own risk algorithms. As a result, an e-commerce merchant’s cart abandonment rates will be reduced, as customers will authenticate themselves only when needed and will not leave their shopping cart because of extensive payer authentication procedures.

Differences of EMV 3D Secure in comparison with 3D Secure 1.0

The revised 3D Secure protocol is expected to include a series of updates in comparison with the first version. Some of those updates include:

  • Additional data to help streamline the decision-making process on authentication
  • Replacement of static passwords with token-based and biometric authentication
  • Non-payment user authentication
  • Improved performance during the end-to-end message processing
  • Easier integration of the authentication process to the merchant’s checkout pages, both for app and browser-based stores
  • Support of app-based purchases for mobile or other devices

It is worth mentioning that 3D Secure 1.0 and 3D Secure 2.0 are expected to co-exist for a period of time. That way, merchants can still use the initial version of the security protocol until they upgrade to the newest edition, and issuing banks should be capable of handling both 3D Secure 1.0 and 3D Secure 2.0 transactions via their servers.

Accepting payments online will dramatically change after September 14, 2019. Even subscription-based payments will be affected, as payments will need to be authenticated. Powercash21 and its payment gateway are ready to support merchants in complying with the new strong customer authentication requirements now. Contact us for more details.
