Three-Domain Secure (3D-Secure, 3DS) is a user authorization protocol for cardless payment transactions (CNP-transactions). This technology has been created for an extra protection of online purchases. The 3D-Secure protocol ensures secure data exchange between the card issuing bank, the merchant, and the buyer. Such an exchange confirms that the transaction has been initiated by the original account holder.
So, 3D-Secure is a payment gateway based on the 3DS protocol for authorizing e-commerce users.
The 3D-Secure payment concept reflects the involvement of three domains in the purchase process. The first domain is the seller of the product or service, initiating the request for payment card data; the second one is the payment system, sending the bank customer to the password verification page; the third one is the card issuing bank or a special service where the verification page with the option to verify the authentication code is generated.
How does 3D-Secure work?
The first level of authentication involves entering the following data:
- the card number
- its expiration date
- the cardholder’s name and an authentication code (CVC2).
The second level is provided by the 3DS protocol. It requires displaying the card issuer page on the online store’s site and entering an additional security code. The cardholder can receive this code in one of the following ways:
- through a special application
- using a card with a one-time code
- by sending a message to a cell phone.
In some cases the bank client can use a permanent security code that is already known to him.
How does 3DS 2.0 differ from 3DS 1.0?
3DS 2.0 may be regarded as a next-gen version of the 3DS protocol. The developer and owner of this product is EMVCo. The 2.0 protocol aims to fix the problems of the version 1.0. It’s designed to increase the 3DS technology value for all the participants of e-commerce transactions. Meanwhile, it raises the level of legitimacy of the payment operations and emphasizes the authentication need.
Here are the advantages distinguishing 3DS 2.0 from its predecessor:
- The addition of support for different channels and devices
- An update to the mobile SDK, which makes it possible to authenticate directly in the mobile app (without redirecting to the card issuing bank’s website)
- More authentication methods, such as tokens and biometrics, instead of static passwords
- Significant increase in the volume of transmitted data, providing high-quality authentication based on RBA technology (risk-based authentication).
The significance of 3D Secure technology
3DS payment gateway minimizes merchant risks because the implemented level of authentication prevents card fraud. Responsibility for transactions made using 3D Secure technology rests with the card issuer. The place of storage of all data provided in the process of customer authentication is the card issuer’s server, and the online store has no access to this data. This store has only a part of the card details, but only to the extent permitted by the PCI DSS. Thus, 3D Secure maximizes the security of data storage.
What are the benefits of implementing 3DS 2.0?
The updated version of 3D Secure provides online merchants with more valuable information when interacting with payment gateways and card issuers. The online store retains an important piece of data on customer payment transactions after orders are made. By collecting data, such as the percentage of authenticated transactions, as well as the number of customer redirects to the checkout page, merchants can get a more complete picture of a customer’s behavior. Moreover, retail analysts have access to the important information on fraudulent activity, allowing them to enhance the overall security level.
Given the fragmented nature of the modern payment landscape, the transition to 3DS 2.0 is absolutely necessary. Here are the main reasons:
- Unpredictable drivers that may change customer behavior (COVID-19 pandemic)
- Mass usage of mobile devices
- Increased requirements for speed, reliability and usability of payment tools.
The main advantages of implementing 3DS 2.0 include:
- The ability to avoid manual data entry to approve a transaction
- Adapting the payment process for goods and services in mobile applications and mobile device browsers
- Possibility of embedding the authentication procedure into applications (without using a browser)
- Increasing the convenience level for customers, thus reducing the number of failed purchases
- Introduction of additional verification methods, using biometrics and security tokens.
TODA offers customers a new level of security with its unique capabilities. Our integration team is trying to make this transition seamless by focusing on adapting PSP-function connectors to 3DS2. The more providers are engaged in offering 3DS2 support, the more of our connectors will be adapted to the new security standard.