3DS2 - The new approach to authentication

3DS allows customers to authenticate high-risk transactions with confidence and with the added benefit of liability shift. But if not used selectively, 3DS authentication will increase friction for all your customers. The experience on mobile devices is also sub-par, leading to a lack of adoption through this channel. To address these points, the industry is introducing 3DS2, a new approach that puts shoppers at the center of the authentication process and aligns with the latest technologies that shoppers use.

What is 3DS?

Introduced in 1999, 3DS was introduced to reduce fraud for online transactions. It works by allowing the cardholder’s bank to prove that the shopper attempting a purchase is the legitimate user of the credit or debit card.

The primary benefit of 3DS is the additional layer of security that reduces the chance of chargebacks. Usually, if a chargeback does occur, the liability will be shifted to the cardholder’s bank where a successful authentication has occurred

The challenge with 3DS

When 3DS1 was first introduced, technologies that are commonplace today hadn’t been invented (the first iPhone wasn’t released for another four years). While 3DS1 has been a powerful and widely adopted anti-fraud solution, shoppers are still put off by browser-based challenges. Examples of 3DS1 include:

• Verified by Visa
• Mastercard ID Check
  
• American Express SafeKey
  

While many banks have moved to a risk-based approach – which means shoppers do not always get challenged – when a challenge does occur, it often requires a shopper to remember a number of characters from their static password. This leads to shoppers dropping out of the payment journey and merchants losing transactions.

How does 3DS2 differ?

3DS2 looks to introduce a solution that not only works with the technologies that shoppers use today but also anticipates future ways for shoppers to authenticate themselves.

There are three key areas where 3DS2 will optimize the user experience:

1. More data, less friction. More than 100 data elements are to be sent from the merchant to the issuer. This gives issuers more information so that they challenge the shopper when needed. Only the riskiest transactions will go through additional cardholder verification. The rest are authenticated invisibly and receive liability shift.
2. Increased sales. The issuer can customize the challenge page and offer authentication methods that suit the shopper, such as biometrics and one-time passwords.
3. Mobile optimization. iOS and Android SDKs offer native-device payment options to further reduce drop off for mobile payments.

By putting the shopper experience at the forefront of authentication, 3DS2 can be adopted without fear of drop off. Merchants will be able to process more successful transactions while being able to benefit from full liability for transactions where fraud is detected.

3DS2 and the Payment Services Directive 2 (PSD2)

Although 3DS1 and 3DS2 will coexist for several years – if you accept payments where the card issuer and the acquirer are based in the European Economic Area (EEA), you need to apply Strong Consumer Authentication (SCA) to your payments. Where card payments are involved, the most common way to achieve SCA will be through the adoption of 3DS2.

SCA makes transactions more secure by requiring two of three:

• Something only the customer owns (like a smartphone, smart card or wearable)
  
• Something only the customer knows (like a PIN or password)
• Something only the customer is (biometrics like fingerprint, voice or facial features)

The EU’s newly revised PSD2 requires SCA for all but a defined set of exempted transactions as of 1 January 2021 for EEA and 15 September 2021 for the UK.

The European Banking Authority (EBA) is the EU’s supervisory authority over the common rules for financial institutions in the EU. The EBA issues periodic opinions on compliance matters that answer common questions about the compliance of specific SCA implementation.

Outside of the EEA, we recommend that you support 3DS2 so that you can leverage the benefits offered by the new protocol.

How Worldpay from FIS can help

Even before 3DS2 is available, Worldpay’s 3DS Flex offers an advanced MPI so you can adopt 3DS1 today. 3DS Flex allows for increased uplift of 3DS1 transactions through features such as mobile optimization. Additionally, Worldpay can offer a highly tailored rules approach to optimize 3DS for every transaction. This allows you to achieve a balanced approach of shopper friction versus authentication aligned to your risk appetite.

In addition, we can help you get ready for 3DS2. Worldpay will be among the first Payment Service Providers to support 3DS2, allowing our customers to be the first to benefit from the increased value this new solution provides.

Look for Worldpay’s upcoming webinars on 3DS2 or reach out to your Worldpay account team to find out more.