What Online Merchants Need To Know About 3D Secure 2.0
In October 2016, EMVCo – the body responsible for 3D Secure, and numerous other secure payment features we use every day – announced 3-D Secure 2.0, publishing technical guidance a year later.
Since then, payment providers, card issuers and banks have been working to rollout 2.0.
Version 1.0.2 – the most common one in use – was designed for PCs. But as every e-commerce retailer, and any other organisation that takes online payments from customers, knows PCs are old news. Even laptops and notebooks have lost ground to smaller devices. In some countries, Version 1.0.2 has been in use for over a decade. E-commerce and online payments has changed considerably in that time.
Now online retail takes place on smartphones and tablets, and that trend is not slowing down or reversing. M-commerce is the future. M-commerce accounts for 60% of total global ecommerce sales, using a PC for a purchase is increasingly a thing of the past. Merchants need tools that keep them, the customer and card issuer secure, without compromising the retail experience. Version 2.0 of 3D Secure sets out to achieve this.
The Problem with Version 1.0.2
Unfortunately, as any merchant from their basket abandonment rates, 3D Secure can prevent purchases from happening. While in the UK and some European countries 3D Secure is widely recognised by consumers as a trusted part of the payment journey, in some other countries it is not.
These are some of the key challenges with version 1.0.2 that has prompted the latest update:
- Poor mobile integration, including user-experience issues
- Some users thought it was a phishing scam
- End-users needed to enrol through their banks
- No minimum standards set for passwords, making it easier to break them using brute force attacks
- Potential for man-in-the-middle attacks, which 3D Secure was meant to prevent.
Before 2.0 was announced, some retailers were complaining that the cost of abandoned carts was more than they were losing to fraud prior to implementation. This couldn’t continue indefinitely, which is why the payments industry and retailers were relieved when 2.0 was announced.
3D Secure for Merchants
How fast 3D Secure is rolled-out will depend on a wide variety of factors and players in the sector. Version 2.0 is not compatible with earlier versions, which is why integration is more complex and will take time to implement.
Payment technology providers and payment gateways are working on implementing the new specifications and SDK (Software Development Kit) for mobile and browser-based authentication development.
Meanwhile, the PCI (Payment Card Industry) Security Standards Council is working on additional security requirements, assessor training and templates. These documents and guidelines were issued during 2017. And at the same time, merchants and card issuers need to make changes to internal procedures, which also meant that MPI (Merchant Plug-In) and third-party ACS (Access Control Server) providers need to make updates to adhere to the new authentication standard.
All of this is happening in the background in preparation for the launch of 2.0. Visa and Mastercard are mandating 3DS 2.0 by April 2019 when merchants can start accepting transactions through 3D Secure 2.0 security authentication, across every channel.
Benefits of 3D Secure 2.0:
Here’s a quick reminder of the benefits of 3D Secure 2.0.
- Data-driven: Giving card issuers risk assessment and authentication authority;
- Enhanced data collection: Making it easier to assess when a transaction is statistically likely to be authentic compared to potential fraud;
- Merchants have more control over the payment journey and by using profiling can offer low risk transactions a smoother experience;
- 3D Secure 2.0 can be used across every shopping channel.
- It is also data driven, improving the authentication process using hundreds of data points rather than relying on static passwords;
- Merchants and other organisations with an online presence can even use 3D Secure 2.0 to authenticate documents or other transactions that don’t involve payments.
Secure Trading’s payment experts are available to discuss any concerns your business has about fraud, 3D Secure and conversion rates. Please get in touch if you would like to explore ways to enhance your payment process and reduce fraud. Call 0333 240 6000 or email [email protected]