3DS allows customers to authenticate high risk transactions with confidence, with the added benefit of liability shift. But if not used selectively, 3DS authentication will increase friction for all of your customers. The experience on mobile devices is also sub-par, leading to a lack of adoption through this channel. To address these points the industry is introducing 3DS2, a new approach that puts shoppers at the center of the authentication process and aligns with the latest technologies that shoppers use.
What is 3DS?
Introduced in 1999, 3DS was introduced to reduce fraud for online transactions. It works by allowing the cardholder’s bank to prove that the shopper attempting a purchase is the legitimate user of the credit or debit card
The primary benefit of 3DS is the additional layer of security that reduces the chance of chargebacks. Usually if a chargeback does occur the liability will be shifted to the cardholder’s bank where a successful authentication has occurred
The Challenge with 3DS
When 3DS1 was first introduced technologies that are commonplace today hadn’t been invented (the first iPhone wasn’t released for another 4 years). Whilst 3DS1 has been a powerful and widely adopted anti-fraud solution, shoppers are still put off by browser-based challenges. Examples of 3DS1 include:
Whilst many banks have moved to a risk-based approach meaning shoppers do not always get challenged, when a challenge does occur it often requires a shopper to remember a number of characters from their static password. This leads to shoppers dropping out of the payment journey and merchants losing transactions.
How does 3DS2 differ?
3DS2 looks to introduce a solution that not only works with the technologies that shoppers use today and also anticipates future ways for shoppers to authenticate themselves.
There are 3 key areas where 3DS2 will optimize the user experience:
- More data, less friction. More than 100 data elements are to be sent from the merchant to the issuer. This gives issuers more information so that they challenge the shopper when needed. Only the riskiest transactions will go through additional cardholder verification. The rest are authenticated invisibly and receive liability shift.
- Increased sales. The issuer can customize the challenge page, and offer authentication methods that suit the shopper such as biometrics and one time passwords.
- Mobile optimization. iOS and Android SDKs offer native-device payment options to further reduce drop off for mobile payments.
By putting the shopper experience at the forefront of authentication, 3DS2 can be adopted without fear of drop off. Merchants will be able to process more successful transactions whilst being able to benefit from full liability for transactions where fraud is detected.
3DS2 and the Payment Services Directive 2 (PSD2)
Although 3DS1 and 3DS2 will coexist for several years, if you accept payments where the card issuer and the acquirer are based in the European Economic Area (EEA), you need to apply Strong Consumer Authentication (SCA) to your payments. Where card payments are involved the most common way to achieve SCA will be through the adoption of 3DS2 from April 2019.
Strong Consumer Authentication makes transactions more secure by requiring two of three
- Something only the customer owns (like a smartphone, smart card, or wearable)
- Something only the customer knows (like a PIN or password)
- Something only the customer is (biometrics like fingerprint, voice, or facial features)
The EUs newly revised Payment Services Directive (PSD2) requires SCA for all but a defined set of exempted transactions as of September 2019.
The European Banking Authority (EBA) is the EUs supervisory authority over the common rules for financial institutions in the EU. The EBA issues periodic opinions on compliance matters that answer common questions about the compliance of specific SCA implementation.
Outside of the EEA, we recommend that you support 3DS2 so that you can leverage the benefits offered by the new protocol.
How Worldpay can help
Even before 3DS2 is available, Worldpay’s 3DS Flex offers an advanced MPI so you can adopt 3DS1 today. 3DS Flex allows for increased uplift of 3DS1 transactions through features such as mobile optimization, additionally Worldpay can offer a highly tailored rules approach to optimize 3DS for every transaction. This allows you to achieve a balanced approach of shopper friction versus authentication aligned to your risk appetite.
In addition we can help you get ready for 3DS2. Worldpay will be among the first Payment Service Providers to support 3DS2, allowing our customers to be the first to benefit from the increased value this new solution provides.
Look for Worlpday’s upcoming webinars on 3DS2, or reach out to your Worldpay account team to find out more.
© 2018-2019 Worldpay, LLC and/or its affiliates. All rights reserved. Worldpay, the logo and any associated brand names are trademarks or registered trademarks of Worldpay, LLC and/or its affiliates in the US, UK or other countries. All other trademarks are the property of their respective owners.