3-D Secure 2.2.0 (3DS2) — the new authentication protocol for online card transactions — is a truly exciting and welcome innovation. 3-D Secure 2.2.0 is designed to improve on its predecessor by reforming the weak points of the previous protocol. This next version of the 3DS is created especially for friction reduction in the transaction process to help improve conversion.
3DS2 offers advanced machine learning algorithms for better risk assessment. The new algorithms provide seamless data exchange between the merchant, acquirer and issuer.
3DS2 boasts 10 times more evaluation data points than its predecessor (such as the shipping address, device ID, previous transaction history, etc.). By collecting more data, issuers can more accurately determine the transaction risk.
As a result, a Visa case study found that 95% of transactions can be approved right away, and cardholders would benefit from 40% less fraud. Issuers want their cards to be the most popular among customers. And 3DS2 brings great benefits to both issuers and customers. The new protocol is designed to make the purchase process more convenient and reduce the number of incidents with a forgotten static code word and incorrect entry of one-time confirmation code. This will save time and money for the issuer by reducing customer service costs for incoming calls related to changing the password and most importantly keep the customer happy.
Customers will have the option to whitelist merchants to their issuer. Merchants from the white list will not need to verify such customers via 3-D Secure during subsequent transactions. This will simplify the payment process and reduce the transaction path length. The new protocol allows the initiator of a 3-D operation to be informed if the merchant is in the white list and whether additional user authentication is required using a one-time code (challenge flow) or whether authentication can be confirmed immediately by the issuer (frictionless flow). 3DS2 increases the conversion rate and decreases the cart abandonment rate, costs and false positives triggered by fraud prevention software.
3DS2 MEANS INCREASED REVENUE DUE TO POSITIVE CUSTOMER EXPERIENCE WHILE KEEPING SECURITY RISKS LOW
3DS2 introduces more ways to pay by expanding the protocol. It now supports mobile commerce including in-app purchases and digital wallet transactions. Frictionless payment features will make those payments even easier and more secure. And issuer authorization screens will be seamlessly integrated into the merchant's app.
One more reason why issuers should adopt 3DS2 is the upcoming Strong Customer Authentication (SCA) regulation which will come into force in Europe on September 14, 2019. The SCA requires a combination of at least two of the following authentication elements: something the customer knows (one-time password, SMS code, PIN, password, security question), something the customer has (token, phone, wearable device), and something the customer is (voice recognition, fingerprint).
Issuers will only require such strong authentication if the base screening process shows a high level of risk. If the risk is determined to be low, then the system authenticates the customer without extra security verification.
3DS2 is a necessary step in the evolution of the 3DS protocol. All in all, there seems to be a brighter future ahead for issuers, merchants and customers.