3DS2 - The new approach to authentication
3DS allows customers to authenticate high risk transactions with confidence, with the added benefit of liability shift. But if not used selectively, 3DS authentication will increase friction for all of your customers. The experience on mobile devices is also sub-par, leading to a lack of adoption through this channel. To address these points the industry is introducing 3DS2, a new approach that puts shoppers at the center of the authentication process and aligns with the latest technologies that shoppers use.
What is 3DS?
Introduced in 1999, 3DS was introduced to reduce fraud for online transactions. It works by allowing the cardholder’s bank to prove that the shopper attempting a purchase is the legitimate user of the credit or debit card.
The primary benefit of 3DS is the additional layer of security that reduces the chance of chargebacks. Usually if a chargeback does occur the liability will be shifted to the cardholder’s bank where a successful authentication has occurred.
The Challenge with 3DS
When 3DS1 was first introduced technologies that are commonplace today hadn’t been invented (the first iPhone wasn’t released for another 4 years). Whilst 3DS1 has been a powerful and widely adopted anti-fraud solution, shoppers are still put off by browser-based challenges.
Whilst many banks have moved to a risk-based approach meaning shoppers do not always get challenged, when a challenge does occur it often requires a shopper to remember a number of characters from their static password. This leads to shoppers dropping out of the payment journey and merchants losing transactions.
How does 3DS2 differ?
3DS2 looks to introduce a solution that not only works with the technologies that shoppers use today and also anticipates future ways for shoppers to authenticate themselves.
There are 3 key areas where 3DS2 will optimise the user experience:
- More data, less friction. More than 100 data elements are to be sent from the merchant to the issuer. This gives issuers more information so that they challenge the shopper when needed. Only the riskiest transactions will go through additional cardholder verification. The rest are authenticated invisibly and receive liability shift.
- Increased sales. The issuer can customize the challenge page, and offer authentication methods that suit the shopper such as biometrics and one time passwords.
- Mobile Optimization. iOS and Android SDKs offer native-device payment options to further reduce drop off for mobile payments (available early 2019).
By putting the shopper experience at the forefront of authentication, 3DS2 can be adopted without fear of drop off. Merchants will be able to process more successful transactions whilst being able to benefit from full liability for transactions where fraud is detected.
3DS2 and the Payment Services Directive 2 (PSD2)
Whilst 3DS1 and 3DS2 will coexist for a few years, if you accept payments where the card issuer and the acquirer are based in the European Economic Area (EEA), you need to apply Strong Consumer Authentication (SCA) to your payments. Where card payments are involved the most common way to achieve SCA will be through the adoption of 3DS2 from April 2019.
Outside of the EEA, we recommend that you support 3DS2 so that you can leverage the benefits offered by the new protocol.
How Worldpay can help
Even before 3DS2 is available, Worldpay’s 3DS Flex offers an advanced MPI so you can adopt 3DS1 today. 3DS Flex allows for increased uplift of 3DS1 transactions through features such as mobile optimisation, additionally Worldpay can offer a highly tailored rules approach to optimise 3DS for every transaction. This allows you to achieve a balanced approach of shopper friction versus authentication aligned to your risk appetite.
In addition we can help you get ready for 3DS2, we will be among the first Payment Service Providers to support 3DS2, allowing our customers to be the first to be able to benefit from the increased value this new solution provides.
Look out for Worlpday's upcoming webinars on 3DS2, alternatively reach out to your Worldpay account team to find out more.