3-D Secure (3DS) 2.0 is coming! This new version of the 3DS authentication protocol will shortly be available, and includes several key changes to the handling of eCommerce and mobile payments. 3D Secure 2.0 is expected to be available on the AllSecure Payment Gateway in production in April 2019. Customers in Europe are strongly recommended to migrate to 3DS 2.0 in advance of September 14, 2019, when the PSD2 requirements on strong customer authentication (SCA) come into effect.
The second European Payment Services Directive (PSD2) is a European directive which came into force across the European Economic Area (EEA) on January 13, 2018. PSD2 was established to drive payments innovation and data security by reducing competitive barriers, mandating new security processes and encouraging standardized technology to protect the confidentiality and integrity of payment service users’ personalized security credentials. PSD2 requires banks to support Open APIs to enable consumers to make payments directly from their bank accounts via newly-regulated third-party payment service providers. The primary focus of this document is the introduction of the Regulatory Technical Standards (RTS) around strong customer authentication (SCA). These standards will come into effect on September 14, 2019.
3-D Secure is a customer authentication protocol introduced by EMVCo and leading card schemes, designed to reduce fraud rates and provide security to merchants and shoppers. The current 3-D Secure version (1.0) does not enforce modern secure authentication methods and frequently relies on archaic authentication methods such as static passwords.
3-D Secure 2.0 is the latest version of the 3DS protocol. 3DS 2.0 includes several key changes to the handling of eCommerce and mobile payments. Critically, these changes ensure the protocol is fully in line with the PSD2 regulatory technical standards on secure customer authentication (SCA), which come into effect on September 14, 2019. Furthermore, the updated protocol is designed to help streamline the customer journey by reducing or removing points of friction, ultimately improving checkout conversion rates as well as reducing fraud.
There are several benefits to merchants, issuers and shoppers as a result of 3DS 2.0. Broadly, the changes ensure a streamlined customer journey with fewer friction points to reduce the high rate of shopping cart abandonment from 3-D Secure 1.0. These enhancements include:
As mentioned previously, risk-based authentication based on rich data is a key feature of 3-D Secure 2.0. If the issuer determines the transaction is low-risk, they can bypass full authentication altogether – this is referred to as “frictionless flow”. If the issuer decides to go ahead with full authentication, this triggers what is known as the “challenge flow”, which more closely mirrors the 3DS 1.0 workflow.
The main difference between 3DS 1.0 and the 3DS 2.0 challenge flow is in how the cardholder interacts with the issuer. Firstly, redirecting the shopper from the merchant’s web page is not necessary any more as the interaction can be handled in an iFrame on the merchant’s website. Secondly, as detailed above the authentication itself offers more options, such as in-app, biometric, two-factor via SMS, knowledgebased or more. This mechanism is controlled by the issuer.
Under 3DS 2.0, shoppers will also be able to whitelist their most trusted merchants – as long as the issuer has also whitelisted those merchants. While this results in increased friction on the first visit to that merchant, subsequent visits will use “frictionless flow” while ensuring that shoppers remain fully protected.
The AllSecure Payments Gateway will support 3DS 2.0 for customers integrated via both Server to Server and SECUREPAY. Note that the protocol for go-live will in fact be 3DS 2.1 rather than 2.0. AllSecure will support the following brands for 3DS 2.0:
AllSecure will be working to ensure our top-performing acquirers are available for 3DS 2.0 processing by the time the service is launched, and we will continue to update the remaining connected acquirers throughout 2019. AllSecure will request, import and maintain all certificates required for 3D Secure processing.
AllSecure will continue to support 3DS 1.0 alongside 2.0, until further notice from card schemes on timings for deprecation of the older version. The cost for a 3DS 2.0 transaction will remain in line with the current cost for a 3DS 1.0 transaction, as stipulated in AllSecure commercial contracts.
Full integration details on migrating to 3-D Secure 2.0 are available on the developer portal at the below
link: https://allsecure.docs.oppwa.com/support/3d-secure-2.0-guide .
Established in 2001. AllSecure became a global Payment Service Provider dedicated to providing tailor-made online payment solutions that solve issues and suite the requirements of its clients.
Our PCI DSS Level 1 payment gateway processes in multiple market and currencies through single platform in a smart and cost-effective way. The aim is to optimize the clients’ payment solutions using the best gateway technologies, world class acquires along with our in-depth payment knowledge and professional services.
© 2005 – 2021 AllSecure – All rights reserved.