The 3D Secure v.2 Business Safety Protocol Explained

Cardholders around the world regularly fall victim to security attacks. For context, in the UK online market, one of the biggest scam targets in Europe, the amount of stolen funds in 2020 reached £574.2 million. As online trading rapidly expands, so too will the opportunities for bad actors, and the losses of bank and PSP users will increase.

To prevent this, security companies are constantly developing new technological solutions like multi-factor authentication, biometrics, one-time passwords and touch and face ID. However, the most reliable way to protect client funds at the moment is the 3D Secure 2.0 (and higher) security protocol. It is estimated that it can reduce credit card fraud by as much as 40%.

How Does 3D Secure v.2 Work?

According to Alexander Durkov, Head of Operations for the Payrow fintech, 3D Secure 2.0-2.3 has changed the method of payer authentication: now authentication requires not only a redirect to the issuer’s website for SMS verification, but also additional methods that are carried out without the active participation of the user.

This solution was developed on the basis of RBA (risk-based authentication), which collects cardholder data and transmits it to the issuing bank when payments are made. This data can contain more than 100 elements, including information about the cardholder and the device from which the payment was made (for example, the MAC address), the geographic location of the payer, their transaction history, the delivery address for the purchase, etc.

The issuing bank’s authentication and authorisation system (Access Control Server – ACS), in turn, compares the data received with the user’s historical data. Based on the comparison, the bank is able to determine the degree of risk of fraud for this particular transaction and decide whether additional user verification is necessary.

If the transaction is recognised as safe by the issuing bank, it is carried out according to a simplified authentication scheme (Frictionless Flow), in which the payer is automatically recognised as authenticated and no additional data will be requested from them. In this case, the user does not even notice that they were checked.

If the transaction is determined to be suspicious, additional verification will be required. To do this, the cardholder is asked to verify his identity using biometric data and/or two-factor authentication (one-time password, fingerprint, etc.).

In addition, the second version of 3D Secure, unlike its predecessor, provides a smoother and more consistent user experience across multiple payment channels, including mobile phone/browser, in-app, and digital wallet payments.

Advantages of 3D Secure 2.Х For Businesses and Consumers

The introduction of 3D Secure 2.X, based on the SCA strong authentication standard, translates to a security guarantee for online businesses and consumers paired with a seamless transaction experience and high conversion rate on payments.

The new protocol enables merchants to better integrate the authentication process into the shopping experience, providing cardholders with a fast, simple, and convenient authentication process.

3D Secure 2.X eliminates frequent browser redirects, which often result in simple page loading errors, and also frees the consumer from having to remember a one-time password that is easy to forget. In this way, 3D Secure 2.X eliminates the obstacles that users previously encountered when making transactions, which often entailed interruptions of the purchasing process.

This has a positive effect on the rate of payment conversions and reduces the number of payment refusals. According to the most recent data, 3D Secure 2.X reduces overall ordering time by 85%.

Merchants have also benefited because the new protocol shifts the responsibility for fraud from retailers to banks, which tend to be much better equipped to deal with such incidents. Merchants also save a lot of time as they no longer have to deal with fraudulent chargebacks and staff no longer have to file fraud complaints.

How Payrow Facilitates 3D Secure 2.Х Integrations For Businesses

The new 3D secure v.2 protocol is used by the new UK-based Fintech to increase the security of payments and provide a quick, simple, and comfortable authentication process.

“It is built-in by default into the cards we issue for you, as long as you use them in markets where 3DS 2.X has been rolled out. In other markets, our advanced anti-fraud system checks transactions for you and keeps you safe, despite the markets being behind with the 3DS roll-out.

If you are using our card acquiring services we will request every eligible card that you accept from your end clients to undergo the highest 3DS version check possible in order to protect you from direct and indirect fraud losses, which will again make you able to concentrate on your core business operations instead of tiresome and outdated payment routines”, according to Alexander Durkov, Head of Operations for Payrow.

The widespread transition to 3D Secure v.2 is objectively necessary, given the current fundamental changes happening in the payments landscape, including the prevalence of mobile payments, unpredictable changes in user behaviour, much higher ease-of-use requirements, new stability and speed of payment instruments. This sea change is occurring as the extremely high competition in the online sales sector continues to grow, making any further complications to the purchasing process impossible.