What is 3-D Secure 2.0? What's the fuss?


What is 3-D Secure 2.0?

3-D Secure 2.0 enables merchants to authenticate users in-app, on mobile and in digital wallets. Not only does this mean that transactions are more secure, but usability is improved because the messaging protocol is designed for these new methods of transactions.

Why is 3-D Secure 2.0 Required?

The nature of the internet is that it is constantly trying to authenticate the user. Whether you’re logging on to a social media account, making a purchase or checking your balance via an online bank account, the internet needs to authenticate who you are to grant access.

For merchants, it’s even more important to use systems that securely authenticate users, given they’re dealing with monetary transactions that, should they fail, have the potential to cause both reputational and financial damage.

Authentication isn’t a static function, however; it needs to change and evolve as the digital environment it exists in changes. For example, 3-D Secure was created for a world of authentication via browsers. We now want to authenticate on mobile devices, through digital wallets and even within apps. As such, the method we use to authenticate needs to step up a gear.

What Needs to Change?

While 3-D Secure helps merchants reduce chargebacks by shifting the responsibility for fraud to the card-issuing bank, there have been some drawbacks. For example, authentication depends on the cardholder entering the correct password in a pop-up window or inline frame, but the credibility of this pop-up can’t be authenticated. This leaves the pop-up window process vulnerable to hackers who could create a fraudulent pop-up to collect user passwords. There have also been compatibility issues around how inline frames and pop-ups appear on mobile devices, which risk leaving merchants’ customers frustrated.

3-D Secure also needs to become more flexible for the merchant. In some cases – for example if the customer is a regular shopper – the merchant may choose not to add additional authentication processes, for fear of it causing transaction abandonment. In this scenario, the merchant would be choosing to take the risk of a chargeback rather than the risk of abandonment, and this may also lower the cost of processing the transaction as it hasn’t been through the 3-D Secure authentication. Other factors that may impact a merchant’s decision on whether to take the customer through 3-D Secure could include which country they are in or how the issuing bank usually reacts to a 3DS authentication request.

A Step Ahead

On a practical level, 3-D Secure 2.0 enables merchants to authenticate users in-app, on mobile and in digital wallets. Not only does this mean that transactions are more secure, but usability is improved because the messaging protocol is designed for these new methods of transactions.

What’s more, the chance of a fraudulent transaction is reduced because the methods used to authenticate are more reliable and there is more data that can inform a risk-based decision. Notably, token-based and biometric authentication – such as fingerprint scanning – can be used, rather than static passwords. Not only are static passwords easily compromised due to the number of consumers re-using passwords, but many username-password combinations have been sold on the black market following the successive data breaches that continue to occur.

Finally, usability for customers is improved, as they no longer have to remember a password or work around a system that was designed for browser-based authentication. This reduces the amount of transaction abandonment, which ultimately leads to more bottom-line profit for the merchant.