image path:

3D Secure 2: Five benefits of cardholder authentication

With the SCA(1) requirement of PSD2(2)  quickly approaching, it’s easy to see why the world of payments is focused on authentication to meet the new regulations. It’s worthwhile however to take a step back, and discuss the value of authentication even where it isn’t mandated.

Let’s first remind ourselves that 3D Secure is the primary mechanism for authenticating cardholders globally – but it can be viewed by merchants as adding friction to the shopper checkout experience.

To address this pain point, EMVCo and the major credit card schemes introduced the next generation 3DS Secure, 3DS 2: one frictionless flow, and a range of shopper-friendly authentication flows, where an authentication challenge is required.

Let’s discover five benefits of authentication with 3DS 2.

1 - More data for better risk assessments

3SD 2 lets you, the merchant, send more data to issuers with each transaction. Issuers can use this data to make more informed assessments of transactions and determine whether the shopper is the legitimate cardholder.

If an issuer is confident that the transaction presents a low risk, they can authenticate it without any further input from the shopper. This is commonly referred to as a frictionless flow, as the shopper journey is seamless.

credit card information input screenshot

payment details screenshot

thank you page screenshot

For higher risk transactions, issuers will choose a shopper-friendly way to authenticate the cardholder (e.g. biometrics), commonly referred to as a challenge flow.

The good news is that as the merchant, you already submit most of the data required to authenticate cardholders. In the background, Worldpay and other parties can now supplement this data to include:

3DS2 Data infograph

Note: For PSD2 payments, the EBA(3) recently announced that they will no longer recognize card details as a valid, independent ‘possession’ factor for SCA. This will have a direct impact on Enhanced OTPs, which issuers were planning to use widely as an SCA compliant challenge method through 3DS1. This will no longer be possible the way SMS OTP is currently designed. Issuers will have to update how OTP works on their systems, which may have further impacts on implementation timeframes.

This change to OTP should not directly affect your PSP integrations, or your readiness for SCA – it is for issuers to manage. However for transactions outside of the PSD2 mandate, your shoppers will still be able to leverage the simplified experience as shown above.

  • Biometric

3DS 2 was created with shopper-friendly challenges in mind, leveraging technology that is now prevalent with online shoppers.

Biometric challenges involve using smart phone capabilities to authenticate shoppers: fingerprints, or facial ID readers for example.

credit card information input screenshot

payment details screenshot

face id authentication loading sign screenshot

thank you page screenshot

Note: Some schemes are mandating that issuers have capability to support a biometric challenge by 2020. This will mean that biometrics could become one of the most prevalent and seamless authentication methods.

  • Out of Band

Out of Band will let shoppers use their online banking app to seamlessly authenticate their transaction. Shoppers will be directed to their mobile banking apps and log in as they already do. This will authenticate transactions.

Through the increasing use of biometrics to login to mobile banking apps, shoppers will experience lower friction than what is seen with 3DS 1 challenges today.

credit card information input screenshot

payment details screenshot

face id authentication screenshot

authentication screenshot

successful authentication screenshot

authorizing payment to screenshot

thank you page screenshot
3 – Liability shift

3DS is a cardholder authentication protocol backed by the major credit card scheme schemes. It helps card issuers confirm the identity of their cardholder, when they make an online purchase.

If the shopper’s card is enrolled in a 3DS program, and the issuer has confirmed their identity, the liability for fraud-related chargebacks on that transaction shifts from you to the card issuer.

For 3DS 2, the rules of liability have changed slightly, providing even greater benefits for merchants. If a merchant tries to authenticate a transaction, and the issuer does not take part in either 3DS 1 or 3DS 2 programs, then the liability still shifts to the issuer.

Note: this increased protection is subject to regional scheme mandates, and is not available in every region. Contact your Worldpay account team to find out more.

For more information on liability shift, click here.

4 - Integrated with the shopping experience

3DS 2 has been designed to work regardless of how a shopper is interacting with your website.

  • For browser-based flows, the challenge is embedded into your checkout pages through an optimized iFrame.
  • For mobile transactions, Worldpay can provide iOS and Android SDKs that allow challenges to be embedded into your checkout flow, and automatically rendered for the device being used.

Through optimizing the 3DS experience and embedding it as part of the shopper journey, we’re able to reduce friction - leading to increased sales uplifts and more protection from fraud for you.

5 - Increased acceptance

Authenticating allows you to reduce the acceptance gap between Point of sale (POS) and Online/Customer not present (CNP) transactions.

As issuers know more about authenticated transactions, using 3DS 2 could help you see higher acceptance rates compared with non-authenticated transactions.

How Worldpay can help

We’ve released 3DS Flex, a new authentication platform that lets you to leverage these five benefits. We’re making it easy for you to navigate the complex regulations of PSD2, and other scheme and regional mandates.

3DS Flex offers a market-leading global 3DS solution, with a flexible approach. You can optimize your risk appetite and shopper experience, driving sales uplift while reducing fraud.

Get in touch with your Worldpay account team to find out more about 3DS Flex, and our complementary PSD2 solutions.

To learn more about 3DS Flex, click here.

For more information on PSD2, click here.

(1) Strong Customer Authentication (SCA) requires that businesses use two independent authentication elements to verify payments.

(2) PSD2 (Second EU Payments Service Directive) regulates payment services and payment service providers throughout the European Union (EU).

(3) European Banking Authority (EBA) is a regulatory agency of the European Union.