TABLE OF CONTENTS





What is 3-D Secure? 


 

3-D Secure is an online security protocol created to prevent fraudulent use of credit and debit cards during online transactions. This protocol involves an additional verification step to proceed with online payment. The cardholder will need to enter additional verification, such as a code generated via a key generator or sent to their phone, or the password associated with their card. This verification is a one-time password (OTP), which only the cardholder can know or have access to. It ensures the protection of the cardholder's funds if their card details were compromised or their card was stolen.

When is 3D Secure required? 


    Under PSD2, 3D Secure and Strong Customer Authentication (SCA) are required on all cardholder-initiated transactions when both the card issuer and acquirer are within the European Economic Area (EEA). If one of the two parties is outside the EEA, SCA is not required. This type of transaction is called a "one leg out" transaction.


What protection does 3DS offer? 

3-D Secure offers protection to merchants by ensuring that they are not responsible for fraudulent purchases involving 3-D Secure. As long as the merchant manages to authenticate the customer using SCA or attempts to authenticate, but the card is not enrolled in the program, liability for fraudulent activity shifts to the card issuer (liability shift).(liability shift).

What is 3-D Secure 2.0 and 2.5? 


3-D Secure 2.0 is a new authentication protocol for online transactions that approaches the weak points of the original 3-D Secure.  3DS2 allows two payment flows:

  • Challenge flow requires additional verification from a cardholder, such as biometrics or code.
  • Frictionless flow allows a card issuer to approve a payment without the need to interact with the cardholder. A cardholder is not required to go through 3DS authorization here. Consequently, a higher conversion rate achieved. 

The most recent version, 3D Secure 2.5, builds on 3DS 2.0 by adding several new features, including dynamic linking, which binds the transaction data to the authentication data, and delegated authentication, which allows third-party authentication providers to participate in the authentication process. 3DS 2.5 also enhances the risk-based authentication feature, enabling merchants to assess the risk of a transaction in real-time and adapt the authentication requirements accordingly.