3D Secure 2.0 Explained
Published 31st July, 2019 by StuartHow does your bank make sure your online activity is secure? Well, you’re probably familiar with 3D Secure, sometimes known as MasterCard Identity Check or Visa Secure, a common feature of online transactions.
3D Secure 2.0 (3DS2) is the new version of the fraud prevention and security check for online payments. It makes online payments more secure, and uses stronger fraud detection than before, not to mention it’s a faster and more streamlined user experience.
What is 3D Secure 2?
3D Secure 2 is an upgrade of the original software, streamlining the process and reducing your interaction - it moves a lot of the security behind the scenes. 3DS2 aims to improve your checkout experience with ‘frictionless authentication’, which is less disruptive than 3DS1. With the new version you’ll simply verify payments using your fingerprint, facial ID or using your mobile banking app, minimising the ‘faff’ of entering passwords or receiving text message codes. So it’s just as secure as 3DS1, but it doesn’t slow down your shopping experience.
3DS2 is a necessary factor for Strong Customer Authentication regulation compliance across Europe, as well as being a key feature for business exemptions from SCA regulations.
How does Frictionless Authentication work?
If your bank has no reason to suspect fraud, your experience will be ‘frictionless’, and the authentication process won’t interrupt your transaction. This is good news for online retailers, as sales conversion rates are likely to rise if security measures are less intrusive.
3D Secure 2.0 will allow your bank to receive much more information in each transaction. For example, payment specific data such as a shipping address may be analysed, along with contextual data such as your device ID or previous transaction history.
Your bank then assess the level of risk of the transaction using this data, and choose an appropriate response. The response then decides the “Flow” that the transaction will follow the appropriate authentication channels:
1. Frictionless Flow
If the bank trusts the transaction was issued by the verified cardholder, the transaction goes through the “frictionless flow” and the authentication is completed, and no additional input is necessary from you - you’ll hardly know it’s happened.
2. Challenge Flow
If the bank doesn’t trust that this transaction as issued by the real cardholder, the transaction will go through the “challenge flow” and you’ll be asked to provide additional input to complete payment.
3D Secure 2.0 and Strong Customer Authentication
September 2019 marks the beginning of Strong Customer Authentication and it means that 3D Secure 2.0 is all the more important, especially if you are conducting business in Europe.
Implementing 3D Secure 2.0 will allow merchants to request exemption from SCA regulations and avoid authentication on low-risk payments altogether.
When will 3D Secure 2.0 be supported by banks?
Many banks have already adopted 3DS2, or at least give you the option to use it. Full implementation is mandatory by September 2019, in order for banks across Europe to comply with Strong Customer Authentication. It’s expected that 3D Secure 1.0 and 3D Secure 2.0 will coexist until at least 2020.