When Greek philosopher Heraclitus said the above, he wasn’t talking about the payments industry, but he might as well have been.
Over the past 70 years, we've witnessed a perpetual current of technological and regulatory shifts, from the advent of the magnetic stripe in the 1960s to the implementation of PCI compliance in 2004, and the establishment of 3D Secure 1.0 in 1999.
Every technological development and regulatory adaptation has been instrumental in evolving the payments landscape into its current form. But the landscape has changed yet again. The support for 3D Secure 1.0.2 has ended, marking another critical turning point in the history of the payments industry.
The transition from 3D Secure 1.0 to 2.0 has now occurred, and it was far from being a mere version upgrade. This shift represented a comprehensive reimagining of 3D Secure payments, designed to more effectively cater to the complexities of today's digital marketplace.
In this article, we will explore the post-transition landscape of 3D Secure payments, looking at how this significant shift has influenced businesses, consumers, and the payments industry as a whole.
In the early days of internet payments, fraud was rampant.
According to a 1998 Unterberg Towbin study, more than 50% of disputed or potentially fraudulent charges at Visa’s European division came from Internet transactions. However, we must remember that internet transactions only accounted for 2% of payment volumes at the time.
Online fraud prevention was relatively unsophisticated, but the problem had to be addressed, as the industry anticipated online shopping would become more popular in the coming years. As we now know, their prediction was beyond correct.
So, in 1999, Visa enlisted the help of a vendor to develop a protocol that would act as an additional layer of security for online transactions. The solution they invented was what we now know as 3D Secure.
Visa soon made this protocol available to the other card schemes: Mastercard SecureCode, American Express SafeKey, and the like via licenses, and the solution was adopted globally, to varying degrees.
As suggested in the name, Three Domain Security (3DS) is built around three domains:
The merchant domain, which supports the merchant plug-in (MPI). This was renamed the 3DS Server in version 2 of the protocol
The network or scheme domain, i.e. the card brand, which supports the directory server (DS)
The card issuer domain, which supports the access control server (ACS)
The merchant initiates the authentication request via the 3DS Server to the DS, which then forwards the request to the ACS for authentication.
The ACS can respond in three ways:
Authenticate [end of action]
Decline the authentication [end of action]
Request to challenge the cardholder
If the ACS has requested a challenge action:
The 3DS Server needs to initiate a challenge request, providing details of how to surface the challenge to the cardholder
The challenge is then presented to the customer as outlined in the request
The customer completes the challenge in a 2-factor manner
The ACS then decides to either:
Authenticate [end of action]
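The flow above, as an added sketch that is not part of the original article or of any vendor's code: a toy 3DS Server, DS and ACS exchanging the three possible outcomes, with the merchant side proceeding to authorization only on an explicit authentication. The class names, risk thresholds, BIN routing and one-time code are constructed assumptions; a decline after a failed challenge and a decline when no ACS is found are simplifications of this sketch.

```python
import hmac
from enum import Enum

class Outcome(Enum):
    AUTHENTICATED = "authenticated"
    DECLINED = "declined"
    CHALLENGE = "challenge"

class ACS:
    """Issuer-domain stub. Thresholds and the one-time code are constructed."""
    def __init__(self, challenge_over=10_000, decline_over=500_000, otp="246810"):
        self.challenge_over, self.decline_over, self.otp = challenge_over, decline_over, otp

    def authenticate(self, req):
        # First response: one of the three outcomes the article lists.
        if req["amount_minor"] > self.decline_over:
            return Outcome.DECLINED
        if req["amount_minor"] > self.challenge_over:
            return Outcome.CHALLENGE
        return Outcome.AUTHENTICATED

    def verify_challenge(self, answer):
        # Final decision after the challenge; constant-time comparison.
        ok = isinstance(answer, str) and hmac.compare_digest(answer, self.otp)
        return Outcome.AUTHENTICATED if ok else Outcome.DECLINED

class DirectoryServer:
    """Scheme-domain stub: routes a request to the issuer's ACS by card BIN."""
    def __init__(self, acs_by_bin):
        self.acs_by_bin = acs_by_bin

    def route(self, req):
        return self.acs_by_bin.get(req["bin"])

def run_3ds(ds, req, ask_cardholder):
    """Merchant-domain 3DS Server. Returns (final outcome, message trace)."""
    trace = ["3DS Server -> DS: authentication request"]
    acs = ds.route(req)
    if acs is None:  # no issuer ACS found: this sketch fails closed
        return Outcome.DECLINED, trace + ["DS: no ACS for this BIN"]
    trace.append("DS -> ACS: request forwarded")
    outcome = acs.authenticate(req)
    trace.append(f"ACS -> 3DS Server: {outcome.value}")
    if outcome is Outcome.CHALLENGE:
        trace.append("3DS Server -> cardholder: challenge presented")
        outcome = acs.verify_challenge(ask_cardholder())
        trace.append(f"ACS -> 3DS Server: {outcome.value}")
    return outcome, trace

def may_authorize(outcome):
    # Only an explicit AUTHENTICATED lets the payment proceed to authorization.
    return outcome is Outcome.AUTHENTICATED
```
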
While 3D Secure 1.0 played a significant role in shaping online transaction security, it had its limitations from a merchant's standpoint. Here's an insight into the challenges it posed:
Poor user experience leading to high abandonment rate: The 3D Secure 1.0 process can be disruptive to the online shopping experience. Customers are redirected to another page to verify their identity, which may confuse some users and lead to shopping cart abandonment. A study in 2022 revealed that 18% of online shoppers abandoned their cart because they “have no trust in the site”.
Lack of mobile-friendly design: 3D Secure 1.0 was designed before the rise of mobile commerce. Its user interface is often not optimized for mobile screens, leading to a subpar user experience for mobile shoppers.
Inefficient fraud detection: 3D Secure 1.0 applies the same level of security checks to all transactions, leading to unnecessary friction for low-risk transactions. This results in inefficiency and may contribute to higher abandonment rates.
Non-compliant with PSD2: The Payment Services Directive 2 (PSD2) regulation in the European Union requires Strong Customer Authentication (SCA), which 3D Secure 1.0 does not support, making it less suitable for businesses operating in the EU.
Less sophisticated risk-based authentication: 3D Secure 1.0 lacks the sophisticated risk-based authentication mechanism that 3D Secure 2.0 provides. This makes it less effective at balancing fraud prevention and user experience.
On October 15, 2022, support for 3D Secure 1.0 was officially discontinued.
This sunsetting happened 21 months after the different card schemes announced their plan to no longer support the original 3DS technology. In the grand scheme of technological advancement, this milestone makes sense.
3D Secure 1.0 was built at a time when all we knew were bulky desktop devices. For our younger readers’ sake: Once upon a time, computers couldn’t fit in your backpack. Or your pocket. Or on your wrist. We’ve come a long way.
The 3DS protocol delivered a suboptimal user experience as consumers moved more of their shopping activities onto mobile devices. When 3D Secure 2.0 burst onto the scene in 2016, offering a slicker and less intrusive customer experience, we all knew V1’s end was near.
3D Secure 2.0 was designed to address the problems and shortcomings of 3D Secure 1.0, offering “frictionless authentication” and an improved customer experience. A key difference is the enforcement of SCA, which is essential if your business operates in Europe.
The new protocol, which was developed by EMVCo, supports all device options and covers a much wider range of use cases. 3DS 2.0:
It uses ten times more assessment data points, leading to greater decision accuracy
It allows for biometric authentication, reducing checkout time by 85%
It doesn’t require redirects, decreasing cart abandonment by up to 70%
This is why, moving forward, the card industry has defined 3DS 2.0 as the only supported customer authentication protocol.
The transition to 3D Secure 2.0 represents a pivotal moment for merchants looking to ensure an optimized, secure, and seamless shopping experience for their customers. Here's why it's necessary.
3D Secure 2.0 employs risk-based authentication, assessing transactions based on their risk level and applying robust verification for higher-risk transactions. With more advanced technology and richer data at its disposal, it significantly improves the detection of fraudulent transactions and reduces the risk of fraud.
With its frictionless flow, 3D Secure 2.0 lets low-risk transactions progress smoothly, creating an uninterrupted shopping journey for your customers. By minimizing disruptions during checkout, it can help mitigate cart abandonment rates and boost conversion rates for your business.
3D Secure 2.0 supports mobile-optimized authentication flows, making it easier for businesses to facilitate secure and seamless mobile transactions. This is vital in today's mobile-centric commerce.
The European Union's PSD2 regulation mandates Strong Customer Authentication. 3D Secure 2.0 supports this with its multi-factor authentication. By incorporating 3D Secure 2.0, merchants can ensure compliance with payment processing regulations, helping them avert penalties and maintain customer trust.
When it comes to payments, change is implicit. While usually necessary, it’s also disruptive and costly to businesses worldwide, wreaking havoc with company roadmaps and requiring a deep understanding to implement effectively.
By adopting an underlying payment infrastructure like Primer, you can dodge significant costs and the precious engineering resources needed to adapt to these changes or meet new regulations. We've taken this even further by developing an Adaptive 3DS solution. Our solution boosts conversion rates and simplifies the configuration process for determining when to prompt 3DS optimally. With Adaptive 3DS, customers are only asked to authenticate when it is absolutely required by the issuer, reducing unnecessary friction and potential cart abandonment.
The transition from 3D Secure 1.0 to 2.0 represents a pivotal progression in the field of 3D Secure payments. It was more than just an upgrade; it was a comprehensive transformation, better aligning 3D Secure payments with the needs of modern digital commerce.
As the digital marketplace rapidly expands, businesses must adapt to these changes. Pioneering platforms like Primer are leading the charge, providing the necessary tools to confidently navigate this dynamic terrain of 3D Secure payments.
With Primer, continuously adapting to changes in your payment system is just a few clicks away.
The cost of transitioning to 3D Secure 2.0 can vary depending on the existing infrastructure of your business. Costs may include:
Fees for upgrading your payment gateway to one that supports 3D Secure 2.0
Technical implementation costs
Training costs for your team to understand the new system
Ongoing costs associated with maintaining the system
However, it's crucial to note that these expenses will likely be offset by the enhanced security and potential reduction in fraudulent transactions, leading to improved customer trust and retention.
Global implementation of 3D Secure 2.0 should be managed with your payment provider. Many providers operate internationally and can ensure compliance across different regions.
3D Secure 2.0 can be integrated with your existing payment stack, provided your e-commerce platform or payment gateway supports it. Many of the leading e-commerce platforms and payment gateways have made provisions for the 3D Secure 2.0 protocol and should seamlessly integrate.
Customers do not need to activate anything for 3D Secure 2.0. The protocol is designed to work behind the scenes. Risk-based authentication assesses each transaction's risk level and prompts for additional authentication only for transactions deemed higher risk.