What is 3D Secure 2

3D Secure (3DS) is a security protocol designed to prevent fraudulent use of credit cards in card-not-present (CNP) transactions. Introduced in 1999, it adds an extra verification step during online purchases to authenticate customers and reduce fraud risk. The flow diagram below presents a payment process using 3DS:

Key components of 3DS

  • Merchant Plugin Interface (MPI): Initiates the verification process and securely exchanges information between the merchant, scheme directory server, and issuing bank.
  • Scheme Directory Server (DS): Acts as a centralized database that identifies the issuing bank and determines the authentication method.
  • Issuer Access Control Server (ACS): Verifies the cardholder's identity during a 3DS transaction. The ACS evaluates authentication requests and performs risk assessments based on the bank's policies.

3D Secure 2 (3DS2)

Released in 2016, 3D Secure 2 (3DS2) enhances security while improving the user experience. Unlike the original 3DS, which relied on static passwords, 3DS2 introduces biometric authentication and token-based verification for a smoother, more secure process.

Key improvements of 3DS2

  • Supports authentication via biometrics, one-time passwords, and risk-based authentication.
  • Reduces transaction friction with a seamless flow for trusted customers.
  • Enhances fraud detection through detailed data sharing between merchants and banks.

EMVCo, an organization owned by major card networks, develops and manages 3DS2. As of October 2022, all major card brands have discontinued support for the original 3DS, making 3DS2 integration essential for secure transactions.

Yuno provides an easy 3DS2 integration, ensuring secure and frictionless payments for your customers.

Benefits of 3D Secure 2

3DS2 enhances security while improving the user experience, adapting the original protocol to modern payment technologies.

Optimized for new technologies

Designed for the rise of smartphones, 3DS2 enables banks to offer biometric authentication, such as fingerprint or facial recognition, through mobile banking apps. This flexibility allows merchants to provide authentication methods that align with user preferences, creating a more convenient and secure checkout experience.

Integration capabilities

3DS2 includes an SDK component that enables native mobile app integration, allowing merchants to authenticate transactions directly within their apps. This eliminates full-page redirects, ensuring a smooth and uninterrupted checkout process.

Enhanced data for authentication

3DS2 enables businesses to share ten times more transaction data with the cardholder's bank. This includes payment-specific details (e.g., shipping address) and contextual data (e.g., device ID, transaction history). With more data, banks can assess risk more accurately and often authenticate payments without additional input from the customer.

Authentication flows in 3DS2

Frictionless flow

In a frictionless flow, the system verifies the customer's identity automatically, using background data exchange. Since the system already recognizes the user's device and information, no additional action is needed.

Challenge flow

If the available data isn't enough to verify the customer, the system triggers a challenge flow. This requires an additional authentication step, such as a one-time password or biometric verification. The customer may also be redirected to their card issuer's page for further validation.
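
The two flows above, seen from a merchant-side component that receives the issuer's authentication response (ARes). This is an added example, not part of the original page and not Yuno's API. Field names and transStatus codes follow the EMV 3DS message format; the function names, action labels and sample messages are constructed for illustration.

```python
import base64
import json

def b64url(obj: dict) -> str:
    """Base64url-encode compact JSON without padding, as the CReq is sent."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def decline(reason: str) -> dict:
    return {"action": "decline", "reason": reason}

def next_step(ares: dict) -> dict:
    """Map an authentication response (ARes) to the next action, failing closed."""
    if ares.get("messageType") != "ARes":
        return decline("unexpected message type")
    status = ares.get("transStatus")
    if status in ("Y", "A"):
        # Frictionless: Y = authenticated, A = attempt processed.
        # Accepting A is a merchant policy choice (assumption in this example).
        missing = [f for f in ("authenticationValue", "eci") if not ares.get(f)]
        if missing:
            return decline("missing " + ",".join(missing))
        return {"action": "authorize", "eci": ares["eci"],
                "authenticationValue": ares["authenticationValue"]}
    if status == "C":
        # Challenge: the cardholder must complete a step at the issuer's ACS.
        need = ("acsURL", "acsTransID", "threeDSServerTransID", "messageVersion")
        missing = [f for f in need if not ares.get(f)]
        if missing:
            return decline("missing " + ",".join(missing))
        if not ares["acsURL"].startswith("https://"):
            return decline("acsURL is not https")
        creq = {"threeDSServerTransID": ares["threeDSServerTransID"],
                "acsTransID": ares["acsTransID"],
                "messageType": "CReq",
                "messageVersion": ares["messageVersion"],
                "challengeWindowSize": "05"}
        return {"action": "challenge", "post_to": ares["acsURL"], "creq": b64url(creq)}
    # N, U, R and anything unrecognised: never treat as authenticated.
    return decline(f"transStatus {status!r}")

# Constructed sample messages (not real transaction data).
BASE = {"messageType": "ARes", "messageVersion": "2.2.0",
        "threeDSServerTransID": "11111111-1111-4111-8111-111111111111",
        "acsTransID": "22222222-2222-4222-8222-222222222222"}
FRICTIONLESS = {**BASE, "transStatus": "Y", "eci": "05",
                "authenticationValue": "Q09OU1RSVUNURUQtU0FNUExFLTAx"}
CHALLENGE = {**BASE, "transStatus": "C", "acsURL": "https://acs.example/challenge"}
```

Any status other than an explicit success or challenge, and any success that arrives without its authentication value, ends in a decline rather than an authorization.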

Better user experience and conversion rates

By reducing friction in the authentication process, 3DS2 improves the checkout experience, lowers cart abandonment rates, and increases conversion rates, making online payments both more secure and user-friendly.