In the early days of 3-D Secure, the focus was on preventing fraud in browser-based online shopping on desktop computers. When 3DS 2.1 was launched in 2016, the focus was already on mobile payment. Now 3DS 2.2 focuses on further improving user-friendliness. Among other things, this is achieved by consistently exploiting the exceptions to strong customer authentication permitted by PSD2: the more often the exceptions apply, the more often a frictionless checkout is possible with one-click payment. And this in turn becomes more important as more consumers use their smartphones for online shopping.
3DS 2.2 brings numerous advantages
An important advantage of 3DS version 2.2 is that it supports non-payment transactions for several use cases. For example, a card can be easily loaded into a wallet, or it can be verified that a merchant is on a whitelist.
In addition, the protocol has been extended in some places to ensure even smoother payment processing. For example, there are now specific indicators that a transaction risk analysis or strong customer authentication has been carried out. Furthermore, it is also possible to send data to the issuer as pure information and not as an authorization request.
The 3DS 2.2 protocol extensions allow the PSD2 exemptions from strong customer authentication to be applied, including those for low-value payments, recurring payments, whitelisted merchants, and successful customer authentication by the merchant or acquirer (Delegated Authentication).
A new data element, "3DS Requestor app URL", ensures seamless communication between the issuer app and the merchant app. This allows the successful completion of the transaction to be displayed directly in the merchant app after successful authentication and final payment approval by the customer.
Observing mandates by Mastercard and Visa
In order to promote the spread of 3-D Secure further, Mastercard and Visa are stipulating its use through various mandates. For example, on 14 September, Visa's mandate for card issuers to use 3DS 2.2 will come into force. And finally, there is the deadline set by the European Banking Authority (EBA) that every merchant must have introduced strong customer authentication by 31 December 2020.
Suzana Kordumova Nikolova: "So it becomes clear that the latest version 2.2 of 3-D Secure should be implemented now as deadlines approach; it has many benefits and provides regulatory compliance."