What is 3D-secure 2.0?

Online card payments have made every buyer’s life easier, allowing merchants to increase profits through the convenience of payment and high transaction speed. However, along with the level of convenience, the number of fraudulent transactions has increased. To help merchants authenticate customers quickly and seamlessly, Visa created the 3D-Secure 1 protocol back in 1999.

Since then, however, fraudsters haven’t been idle, either, creating a myriad of ways to conduct illegal transactions, so it became apparent that something new and more advanced was needed to protect merchants. The new 3D-Secure 2.0 protocol was just that. It analyzes 100 pieces of data to prevent fraud, including cardholder information, geographic location, previous transactions, mac address, device information, device ID, and other sensitive data.

The 3D-Secure service provider decides on the level of risk after analyzing all this data. If the risk deemed high, the cardholder has to additionally verify his/her identity through two-factor authentication or biometric data. If after that the transaction deemed high risk, no further action is required from the buyer. The issuer will send the authentication results to the seller.

How is 3D-Secure 2.0 different from the first version?

  • The main difference between the new version of the protocol is the maximum ease of the authentication process. In addition, many users note that the user interface has also been improved, and this is clearly visible on various devices. As we said earlier, with 3D-Secure 2.0, merchants are able to send significantly more information to their issuing bank for verification than with the earlier version of the protocol.
  • The next update is the use of dynamic authentication with special tokenization-based methods, as well as the use of biometric data. Cardholders no longer need to be required to enter their passwords manually. Consequently, the transactions themselves are carried out faster and with a lower level of risk.
  • The latest version of the protocol includes the ability to recognize soft deviations, which was previously unavailable. So, when receiving a transaction authorization request, in case the issuer wants to authenticate in advance, the new version of the protocol makes it possible to do so. Accordingly, the probability that the client can cancel the transaction or it can be rejected by the issuer is reduced to a minimum.
  • There is also functionality in 3D-Secure 2.0 that allows you to configure transactions that are initiated by the seller. First and foremost, this feature will come in handy for the merchant himself at a time when he will need to make adjustments to accept regular payments from customers. SCA will be needed only for the first payment and all other payments will be made without it. Thanks to 3D-Secure 2.0, the first payment is authenticated by the merchant and then they set up all subsequent payments as transactions that are initiated by him.
  • It is also worth remembering that 3D-Secure 2.1 and 2.2 are different from each other. Support for exceptions is the main difference between these versions of the protocols. Additionally, version 2.2 provides the option to support delegated as well as unbound authentication. Non-associated authentication refers to a type of authentication which is trusted by the issuers to a third party. Non-associated authentication means authentication using methods that are used separately from the main authentication stream. It can be performed even if the cardholder is not online. For example, such authentication is performed using a smartphone to allow authorization on a computer or other device.

Thus, we can safely say that 3D-Secure 2.0 is a major step forward towards higher security and more thorough user authentication.