Reasons for 3-D Secure 2.2

Frictionless payment in merchant apps

For more than 20 years, the 3-D Secure protocol has been providing more security in e-commerce. Versions 2.1 and 2.2 have been launched in a relatively short time after each other. Why was this necessary and what perspectives result from it? Suzana Kordumova Nikolova, Product Manager Secure Digital Payments at Netcetera, has the answers.

In the early days of 3-D Secure, the focus was on preventing fraud in browser-based online shopping on desktop computers. When 3DS 2.1 was launched in 2016, the focus was already on mobile payment. Now 3DS 2.2 focuses on further improving user-friendliness. Among other things, this is achieved by consistently exploiting the exceptions to strong customer authentication permitted by PSD2: the more often the exceptions apply, the more often a frictionless checkout is possible with one-click payment. And this in turn becomes more important as more consumers use their smartphones for online shopping.

3DS 2.2 brings numerous advantages

An important advantage of version 2.2 of 3DS is that it supports non-payment transactions for several use cases. For example, a card can be easily loaded into a wallet or it is possible to verify that a merchant is on a whitelist.

In addition, the protocol has been extended in some places to ensure even smoother payment processing. For example, there are now specific indicators that a transaction risk analysis or strong customer authentication has been carried out. Furthermore, it is also possible to send data to the issuer as pure information and not as an authorization request.

The 3DS 2.2 protocol extensions allow application of the PSD2 exemptions for strong customer authentication, including low-value payments, recurring payments, whitelist merchants or for successful customer authentication by the merchant or acquirer (Delegated Authentication).

A new data element "3DS Requestor app URL" ensures seamless communication between issuer app and merchant app. This allows the successful completion of the transaction to be displayed directly in the merchant app after successful authentication and final payment approval by the customer.

Observing mandates by Mastercard and Visa

In order to promote the spread of 3-D Secure further, Mastercard and Visa are stipulating its use through various mandates. For example, on 14 September, Visa's mandate for card issuers to use 3DS 2.2 will come into force. And finally, there is the deadline set by the European Banking Authority (EBA) that every merchant must have introduced strong customer authentication by 31 December 2020.

Suzana Kordumova Nikolova: "So it becomes clear that the latest version 2.2 of 3-D Secure should be implemented now as deadlines approach, it has many benefits and provides regulatory compliance".

Watch the webinar on this topic

PSD2 SCA: What is new in 3DS 2.2 and how to implement a seamless experience in merchant apps

Suzana will explain the details and benefits of using the latest 3DS technology for online shopping. The webinar is both, educational and interesting, because 3DS is a regulatory requirement and payment service players will need to integrate it as soon as possible.

Join our interactive webinar series on top payment topics

Profit from our 20 years of expertise and insights on trending payment topics like PSD2, open banking standards, the future of checkouts, big data in payments, tokenization, or authentication and much more.

More stories

On this topic