At the classic point of sale, for example, the limit for contactless card payments without PIN has been raised to 50 euros in most European countries. In e-commerce, the current version 2.2 of 3-D Secure finally offers the opportunity to combine even more convenience for customers with more security for card issuers and merchants. This makes it even easier to avoid the unpleasant abandonment of purchases and the associated loss of sales for all parties involved. In addition, issuers can increase the acceptance rate of approved transactions and thus increase the satisfaction of both consumers and online merchants.
What new functions does the 2.2 version of 3-D Secure offer?
Although PSD2 generally requires strong customer authentication (SCA), it also allows a number of exceptions. One of the most important exceptions is whitelisting, which is now enabled by 3DS 2.2. For online merchants that the cardholder has put on his personal whitelist, payments can be processed without strong customer authentication. As a result, online payments at those trusted merchants are particularly easy and smooth. At the same time, the customer has control over which merchants he wants to trust and which he does not.
Another interesting new feature of 3DS 2.2 is Requestor initiated Payments (3RI), which allows merchants to initiate a transaction on their own. Application examples are regularly recurring payments, even with different amounts, such as subscriptions to pay TV channels and bills from electricity or gas suppliers. Here, the merchant can successfully execute an online payment transaction even if the cardholder is currently offline.
3DS 2.2 also enables decoupled authentication: Here, authentication is separated from the payment transaction and can still take place up to seven days after the actual payment. Such an authentication can also be carried out in the background, for example during a telephone call. This new authentication option can be used for Mail Or-der/Telephone Order (MOTO), for example.
And, last but not least, 3DS 2.2 supports delegated authentication: This enables the merchant to send data to the issuer in the 3DS protocol to prove that the customer has already been authenticated by the merchant. This allows the issuer to dispense with the 3DS process from their side. This enables a PSD2 compliant one-click payment.
Netcetera was one of the first companies to be certified for 3-D Secure 2.2 by EMVCo and offers interested issuers, acquirers and payment service providers various options for consulting and support.