3D-Secure 2 – New Improved Security Process for Merchants

Today, each online merchant knows that safe online payments are necessary for effective e-commerce businesses. For the purpose of further improving the security, new methods of card authentication and user authentication under the European Payment Directive PSD2 have become essential than ever.

Often significant changes also bring a lot of questions for merchants. However, at DSBC Financial Europe, we make sure that you will get all the support you need with this new improved security process.

What is 3D-Secure 2?

3D-Secure 2 (3DS2) is a multi-level protection system provided by leading credit card organizations Visa, Mastercard, Amex and JCB. This new platform is launched to comply with the legal structure of Directive 2 regarding European Payment Services (PSD2). The key goals here are to make online credit card transactions as safe as possible and to improve the conversion rate relative to existing 3DS implementations.

Haven't 3D-Secure been around for a long time?

Yes. 3-D Secure 2 guarantees that the user is actually the owner of the credit card as with the first generation. Nonetheless, the second generation brings with it some significant improvements: these include a new path to higher security level across a wider range of data, biometric authentication and improved online experience, especially on smartphones. Additionally, the PSD2 also calls for a Strong Customer Authentication (SCA) and 3DS2 is the leading credit card company's reaction to this.

Differences between 3DS1 and 3DS2 (Source: Kilian Thalhammer / DSBC Financial Europe)

Definition of Strong Customer Authentication (SCA)

SCA is a new standard for PSD2. In the past, customers may just need to enter their card number and the CVC. However, under the PSD2 regulations, details from two separate sources (also known as factors) would be needed to initiate payments. 3D Secure is a common security standard designed to avoid fraud in online credit and debit card transactions that will be used to apply SCA in all card payments.

When using 3DS1 in the past, online shoppers are required to set up a static password. Nevertheless, in the future, the issuers must ensure that authentication contains at least two of the following:

Two in three factors that SCA always requires to make payments safe (Source: Kilian Thalhammer / DSBC Financial Europe)

Does 3DS2 have any impact on all payment methods?

Actually not. Just online payments from credit or debit cards and wallets are affected.

How can DSBC Financial Europe support merchants and online merchants?

At DSBC Financial Europe secure payment system, we are updating our payment pages and developing new payment APIs that can enable excellent customer authentication. We also use the latest 3DS2 standard in our APIs and payment pages in order to reduce implementation changes for merchants.

We encourage the improvements of PDS2 since they allow European merchants to promote competition and thus innovation amongst financial institutions. In particular, PSD2 improves long-term payment protection, of which 3DS2 is a significant component and also enhances the widespread practical use of future-oriented technologies such as biometric payments.

There are many benefits for merchants compared to 3DS1 – here are the most important ones:

• Higher conversion rates due to higher customer experience: Static passwords would be forbidden. In certain circumstances, transactions would be authenticated on the basis of historical and transactional data accessible to the issuer without the involvement of the cardholder. After a familiarization stage, the conversion rate will increase in the medium term as cardholders experience a frictionless flow.
• Higher revenue due to improved acceptance rates: Thanks to the widespread implementation of 3D Secure, issuers would be able to accept more e-commerce payments than they had in the past. The general assumption is that the approval rates for such transactions will be as high as those for face-to-face companies.
• Less fraud due to strong biometric authentication: The reason for the new standard is to encourage the data transfer between the merchant, the cardholder, the issuer of the bank (who receives the payment and then sends the amount to the merchant, minus the relevant fees) and the issuing bank (who verifies the transaction and, where credit is available, sends the authorization to the card network) in order to determine the risk of the payment. If the issuer wishes to challenge the transaction, the authentication can take place with TAN via SMS or automatically with biometric data.
• Support in different devices: The new networking standard also offers a basis for digital authentication in order to make the process possible on a broader range of devices. 3D Secure payments can be run on mobile and other connected electronic devices in both application and browser-based solutions.

What are the special cases where SCA does not need to be used?

(Source: Kilian Thalhammer / DSBC Financial Europe)

What are the timelines for the 3DS2?

PSD2 and SCA tend to make strong customer authentication compulsory in Europe, paving the way for the introduction of 3DSecure 2.

By 2020 onwards, 3DS 2 is supposed to be launched globally. You will also be able to participate in safer and more stable business with non-European Economic Area (EEA) customers, like all EU countries plus Norway, Iceland and Liechtenstein.

If you have any questions, please contact us by email or regular mail at the following address:

"DSBC Financial Europe" UAB

• Address: Lvovo str. 25, Mažoji bure, 15th floor, LT-09320, Vilnius Lithuania.
• Telephone: + 370 5 240 5555
• Email: [email protected]