The world of e-commerce is constantly strengthening its security systems, developing ever more reliable and modern methods to prevent fraud. The updated 3-D Secure 2.3 authentication protocol now guards personal data and online transactions.
A CHANGE OF TACTICS
The days of classic passwords are fading into the past. Users often forget their randomly generated combinations or use overly simple sequences of letters and numbers. Weak passwords are susceptible to phishing, man-in-the-middle and other types of attacks, and passwords can also be stolen from providers' servers. One-time codes are much more reliable, but still quite vulnerable: a victim who has disclosed their login and password to scammers is highly likely to hand over the SMS code as well. Skilled criminals can also act cunningly, for example by stealing funds from bank accounts using a duplicate of a phone's SIM card.
The transition from user-created passwords to higher authentication standards is a main objective of the FIDO Alliance, which brings together world leaders in payment technology, telecommunications, healthcare and other industries. Thanks to FIDO, authentication with biometrics (UAF standard) and security keys (U2F standard) is now possible, and new leading solutions continue to be developed.
EMVCo, in collaboration with the FIDO Alliance and W3C (World Wide Web Consortium), implemented support for the Web Authentication (WebAuthn) and Secure Payment Confirmation (SPC) protocols, which authenticate 3DS payment transactions with cryptographic keys and are fully compliant with PSD2 and Strong Customer Authentication (SCA).
3-D Secure 2.3 makes e-commerce payments frictionless and secure, introducing important updates such as:
- Authentication with SPC and WebAuthn. The cardholder will be able to authenticate using security keys or biometric data (face ID, fingerprints, voice recognition, etc.) in the merchant application. The issuer will verify the identity of the buyer without requesting additional data
- Device binding. The buyer can remember devices for further transactions. This principle has existed since 3-D Secure 2.2, where the merchant could whitelist the buyer
- Automatic end-to-end transition (out-of-band, OOB) between the trading application and the issuer authentication application
- Additional recurring transaction data and EMV payment token data to help issuers identify the transaction and simplify the authentication process for future purchases
- Support for non-traditional e-commerce payment channels and devices (smart watches, speakers and other IoT devices)
- Improved challenge screen with an OTP code and password on the same page and auto-fill of challenge data
Many consumers find 3-D authentication using one-time passwords inconvenient and time-consuming, which often leads to purchase cancellations. In addition, legitimate transactions are sometimes mistakenly rejected, which can annoy customers. Both issuers and merchants are interested in simplifying the checkout process without sacrificing security. Doing so is a powerful way to reduce the cart abandonment rate and increase sales.
3-D Secure 2.3 aims to improve the customer payment experience. Thanks to WebAuthn and SPC, users do not need to remember dozens of complex passwords for various applications. The registration and shopping processes become fast and native, so customers can make purchases with a simple click.
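What the issuer-side check behind an SPC assertion can look like, as an added example that is not from the original article or from any vendor's product: the function confirms that the signed client data names the exact transaction the cardholder was shown. It assumes the issuer is the WebAuthn relying party and uses the `payment` field names from the W3C Secure Payment Confirmation specification; all sample names and values are constructed.

```python
import base64, hashlib, json

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def check_spc_assertion(client_data_json: bytes, auth_data: bytes, expected: dict) -> list:
    """Return the names of failed bindings; an empty list means all checks passed.
    The signature over auth_data || SHA-256(client_data_json) must still be
    verified with the enrolled public key by a WebAuthn library (not shown)."""
    failed = []
    c = json.loads(client_data_json)
    if c.get("type") != "payment.get":            # SPC assertion, not a plain login
        failed.append("type")
    if c.get("challenge") != b64url(expected["challenge"]):
        failed.append("challenge")                # blocks replay of an old assertion
    payment = c.get("payment") or {}
    for field in ("rpId", "topOrigin", "payeeOrigin", "total"):
        if payment.get(field) != expected[field]: # what the cardholder was shown
            failed.append(field)
    if len(auth_data) < 37:                       # rpIdHash(32) + flags(1) + counter(4)
        return failed + ["authenticatorData"]
    if auth_data[:32] != hashlib.sha256(expected["rpId"].encode()).digest():
        failed.append("rpIdHash")
    if not auth_data[32] & 0x01:                  # UP flag: user present
        failed.append("userPresent")
    if not auth_data[32] & 0x04:                  # UV flag: biometric or PIN verified
        failed.append("userVerified")
    return failed

# Constructed sample transaction; every name and value below is hypothetical.
EXPECTED = {
    "challenge": hashlib.sha256(b"constructed-3ds-transaction").digest(),
    "rpId": "bank.example",
    "topOrigin": "https://shop.example",
    "payeeOrigin": "https://shop.example",
    "total": {"value": "25.00", "currency": "EUR"},
}

def sample_client_data(**payment_overrides) -> bytes:
    payment = {k: EXPECTED[k] for k in ("rpId", "topOrigin", "payeeOrigin", "total")}
    payment.update(payment_overrides)
    return json.dumps({"type": "payment.get", "challenge": b64url(EXPECTED["challenge"]),
                       "origin": "https://shop.example", "payment": payment}).encode()

def sample_auth_data(rp_id="bank.example", flags=0x05) -> bytes:
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + (7).to_bytes(4, "big")

if __name__ == "__main__":
    print(check_spc_assertion(sample_client_data(), sample_auth_data(), EXPECTED))
```

Because the amount and payee are inside the signed data, a stolen assertion cannot be reused for a different payment, which is the property a disclosed SMS code lacks.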
FOR A FAST, EFFECTIVE 3DS IMPLEMENTATION, SOLANTEQ PROVIDES SOLAR 3DS SERVER AND SOLAR ACS. SOLUTIONS MEET CURRENT REQUIREMENTS OF EMVCo AND CAN BE EASILY INTEGRATED INTO ANY THIRD-PARTY PLATFORM