3D Secure 2.1: Understand the new version of the protocol

Jun 13, 2019

For more than 15 years, the 3D Secure security protocol (3DS) has protected online transactions and reduced fraud and discarding. On the other hand, it has also been responsible for increased abandonment of online purchases. Version 2.1, its latest update, improves the user experience and makes online payments more secure and transparent.

The 3DS protocol was developed in 2001 by Visa as a means of securing the transaction for the merchant, the issuer and the card. As a result, the company asked retailers to introduce another level of payment authentication, such as codes sent via SMS.

In this way, the retailer transferred responsibility for fraud detection to the card issuer. Competing card brands (Mastercard, Amex, among others) quickly saw the benefit of standardization and interoperability and joined together to form EMVCo, a global technical body designed to facilitate universal acceptance of secure payments and continue to enhance security protocols.

The process was not that simple: consumers were suspicious of the additional pop-up window and frustrated when asked to create new passwords, while retailers complained that conversion rates were down.

As of 2008, with the arrival of mobile payments, consumers had even more trouble with web pages that were not responsive on mobile devices, which made it impossible to use smartphones. SMS passwords did not arrive, the customer was not redirected back to the web store, pop-up blockers prevented the security script from running, or the pages were unusable on a smartphone.

Released on April 14 of this year, version 2.1 of 3DS requires merchants to provide the issuing banks with more data on each card transaction. With more data around each payment, issuing banks should be able to make better-informed authorization decisions and provide a seamless experience for the consumer. In this way, 3DS v2.1 increases authorization rates and simplifies the customer experience.

The new standard removes some of the most disruptive aspects of the first release through an authentication flow that in most cases is invisible to the customer. Depending on the quantity and quality of data shared by the retailer and its payment service provider, the issuer responds in one of two ways:

If the data is considered sufficient to determine that the actual cardholder is making the purchase, the transaction qualifies for a "frictionless" flow and authentication occurs without interrupting the customer experience;

If the issuer determines that the payment does not correspond to the cardholder's usual spending behavior, the transaction follows a "challenge" flow and the customer must provide a dynamic password, valid only for a single transaction, for payment to be authenticated.
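The two outcomes above, seen from the merchant side, as an added example that is not part of the original article: a fail-closed router for the issuer's authentication response. It assumes the browser channel and the field names of the EMV 3-D Secure `ARes` message (`transStatus`, `threeDSServerTransID`, `authenticationValue`, `acsURL`, `acsTransID`); `route_ares`, `decline` and the sample messages are hypothetical and constructed for illustration.

```python
import json

REQUIRED = ("messageType", "messageVersion", "threeDSServerTransID", "transStatus")

def decline(reason):
    return {"next": "decline", "reason": reason}

def route_ares(raw, expected_trans_id):
    """Map an authentication response to the next checkout step, failing closed."""
    try:
        msg = json.loads(raw)
    except json.JSONDecodeError:
        return decline("malformed response")
    if not isinstance(msg, dict) or any(k not in msg for k in REQUIRED):
        return decline("missing required field")
    if msg["messageType"] != "ARes" or msg["messageVersion"] != "2.1.0":
        return decline("unexpected message type or version")
    # Bind the response to the authentication request this checkout started.
    if msg["threeDSServerTransID"] != expected_trans_id:
        return decline("transaction id mismatch")
    status = msg["transStatus"]
    if status in ("Y", "A"):  # frictionless: authenticated, or attempt recorded
        if not msg.get("authenticationValue"):
            return decline("no authentication value")
        return {"next": "authorize", "flow": "frictionless",
                "authenticationValue": msg["authenticationValue"],
                "eci": msg.get("eci")}
    if status == "C":  # challenge: cardholder must complete a one-time step
        if not msg.get("acsURL") or not msg.get("acsTransID"):
            return decline("challenge data missing")
        return {"next": "challenge", "flow": "challenge",
                "acsURL": msg["acsURL"], "acsTransID": msg["acsTransID"]}
    # N, R, U or any unknown value: never treat as authenticated.
    return decline("not authenticated: " + str(status))

# Constructed sample messages (not real transaction data).
BASE = {"messageType": "ARes", "messageVersion": "2.1.0",
        "threeDSServerTransID": "example-trans-id-0001"}
SAMPLE_FRICTIONLESS = json.dumps({**BASE, "transStatus": "Y", "eci": "05",
                                  "authenticationValue": "Q09OU1RSVUNURUQ="})
SAMPLE_CHALLENGE = json.dumps({**BASE, "transStatus": "C",
                               "acsURL": "https://acs.example/challenge",
                               "acsTransID": "example-acs-id-0001"})

if __name__ == "__main__":
    for raw in (SAMPLE_FRICTIONLESS, SAMPLE_CHALLENGE):
        print(route_ares(raw, "example-trans-id-0001"))
```

Only the `authorize` result should be allowed to proceed to payment authorization; a `challenge` result still needs the cardholder to complete the issuer's step before anything is charged.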

In this way, 3DS v2.1 integrates authentication into the retailer's checkout experience, eliminating redirects. In addition, the new mobile software development kits (SDKs) will create native flows within applications, which means customers will not have to complete transactions in a separate browser-based flow.

Despite the benefits, the implementation of 3DS v2.1 will be an evolutionary process. After all, such a big change in the way merchants collect and share data will not happen overnight. There will be a period of adaptation, in which merchants will adjust as the practical realities of the new version become clearer. The specific rules surrounding the format and quality of the required data are likely to change over time.
