What is 3D Secure 2.0?
- December 8, 2020
- 6 minutes
3D Secure 2.0 is an identity verification tool used to authenticate card-not-present transactions. The technology’s aim is to verify the person using the card is the actual cardholder — and not a criminal or other unauthorized person.
3D Secure 2.0 is an updated version of the original 3D Secure technology, and the platform’s functionality has changed significantly since its launch. There were several flaws with the 3DS process, and 3DS 2.0 has been created to address those shortcomings.
Now, the technology offers many benefits to merchants including more accurate fraud decisioning with less friction.
Learn more about 3DS 2.0, and find out if this fraud prevention tool could help your business.
3D Secure to 3D Secure 2.0: What Has Changed?
Originally launched in 2001, 3D Secure was created to provide an additional layer of fraud protection for card-not-present transactions. The concept was to request information that only the cardholder would know thus reducing the risk of unauthorized transactions.
The objective was sound, but the way the original technology went about achieving it was not.
After submitting payment information for an online purchase, a shopper was redirected to a separate webpage created by the issuing bank. The page asked for a static password that the cardholder was supposed to remember and provide for any transactions covered by 3DS1.
The process had several drawbacks.
What Were the Drawbacks of 3DS 1.0?
Unfortunately, the 3DS user experience wasn’t ideal. There were some notable problems:
- Friction: All transactions processed through 3DS required a password. There wasn’t a frictionless workflow for low-risk transactions. Customers had to provide additional information every time.
- Suspected Fraud: The 3DS page did not have the same look and feel as the merchant’s checkout page. This often made users suspect a fraudster had rerouted them and was attempting to steal sensitive information.
- Page Loading Errors: Oftentimes, the 3DS page wouldn’t load properly — especially on mobile devices. This made it difficult or impossible for the user to enter the password required to proceed.
- Forgotten Passwords: 3DS wasn’t widely adopted by merchants and banks, so cardholders only encountered it sporadically. Infrequent use made it difficult for users to remember their static passwords.
When faced with obstacles they couldn’t overcome, users would either try a different card or a different merchant. This would result in revenue loss for the bank, merchant, or both.
Updating to 3DS2 was an attempt to solve these issues and provide a better user experience.
How Does 3D Secure 2.0 Work?
Despite the update to 2.0, the technology’s goal remains the same: verify the shopper’s identity to reduce the risk of fraud.
While the original platform relied solely on password validation, the new process prioritizes collaboration and uses passwords for secondary authentication when needed.
With 3D Secure 2.0, a merchant sends information to the customer’s bank (called the issuer or issuing bank) in real time. This information is a combination of transaction-specific information like shipping address and contextual information such as the customer’s device ID or order history.
The issuer uses machine learning to review the information provided and determine the likelihood of fraud. Based on the assessment, the bank does one of two things:
- Approves the transaction: If the bank believes the cardholder is the person making the purchase, the bank authorizes the merchant to proceed.
- Challenges the transaction: If the information provided doesn’t match the norm or seems suspicious, the bank requests additional information. The customer needs to share a one-time password obtained via email or text. Or, the customer needs to provide biometric identity verification like a fingerprint or facial scan. If the customer is authenticated during the challenge process, the merchant is safe to proceed. If not, the transaction is flagged as a high risk for fraud.
The process looks like this:
Advantages of 3DS 2.0 Over 3DS 1.0
There are several advantages of 3D Secure 2.0 over 3D Secure 1.0. The most significant updates are reduced friction, enhanced fraud decisioning, an improved mobile experience, and greater international capabilities.
New Frictionless Flow Reduces Cart Abandonment
Perhaps the most noteworthy feature of the new 3DS 2.0 technology is the frictionless flow.
If there is sufficient information to verify the cardholder’s identity, the transaction is authenticated without additional input from the shopper. Gone are the days of challenging each and every transaction!
Visa estimates that 95% of transactions can be funneled through the frictionless flow. As a result, customers have a better checkout experience and merchants have greater earning potential.
Increased Data Improves the Accuracy of Fraud Decisioning
The 3D Secure 2.0 platform delivers 10 times more data than the original 3D Secure 1.0 technology.
By increasing the amount of data that is shared, the technology’s fraud decisioning capabilities are more accurate. Merchants experience a decrease in false declines (good transactions that are incorrectly labeled as fraud and unnecessarily declined). Plus, more fraud attempts are successfully blocked. Visa estimates merchants experience 40% less fraud.
In-App Capabilities Enhance the Mobile User Experience
With 3D Secure 1.0, the desktop user experience wasn’t ideal. But on mobile websites and apps, it was often completely dysfunctional.
3D Secure 2.0 includes a total redesign of the mobile experience. Built after the rise in smartphones, the technology’s creators and issuing banks have a better understanding of how users interact with mobile devices. These insights influence the design and functionality of 3DS 2.0, ensuring the most seamless experience possible.
In many situations, the available device information is enough to authenticate the transaction without any additional input from the customer.
But if the transaction does need to be challenged, the process can be completed within an app. Merchants can incorporate 3DS 2.0 into their mobile apps, ensuring the look and feel of the checkout experience remains constant from beginning to end.
Standardization Enables International Use & Compliance
It was especially challenging for international businesses and consumers to use 3D Secure 1.0. Payment processes, legislation, and security requirements vary by region, and 3DS 1.0 wasn’t universally compliant.
Updates to 3D Secure 2.0 address these concerns, and the technology is now able to be used more consistently across international markets.
In fact, merchants can use 3D Secure 2.0 to comply with Europe’s updated payment services directive (PSD 2) when strong customer authentication (SCA) is required.
How Does 3D Secure 2.0 Impact Chargeback Management?
If you, as a merchant, are considering adding 3D Secure 2.0 to your chargeback prevention efforts, there are a couple of things to note.
There are several different tools and tactics that can help prevent chargebacks. 3D Secure 2.0 is a viable option, along with address verification service (AVS), card security codes (CVV, CVC), chargeback prevention alerts, Order Insight, Consumer Clarity, and more.
One thing that makes 3D Secure 2.0 different from most other available tools is that it includes a liability shift. If fraud does happen, the less protected party is responsible for the financial loss.
This means 3D Secure 2.0 can be a useful way to prevent both fraud and the resulting chargebacks. And if authenticated transactions are disputed, they should be easy to fight and win.
Just like all fraud detection tools, 3D Secure 2.0 does have its faults.
First, it’s possible that 3D Secure 2.0 could turn away good customers and limit your earning potential. Even though 3DS 2.0 is a more seamless process than 3DS, it can still cause friction. And, you run the risk of false positives with any fraud tool you use.
Second, 3D Secure 2.0 might have a negative ROI for your business. If you have tight profit margins, the extra cost per transaction might be more than your bottom line can handle.
Lastly, the technology may only be effective at preventing a small portion of your chargebacks. 3D Secure 2.0 is only capable of verifying the shopper’s identity. It can’t, for example, prove you sent the right size sweater or delivered the ebook like you promised.
Best Practices for Using 3DS 2.0 to Prevent Chargebacks
Because there are pros and cons associated with all chargeback prevention tools, you can’t rely on a single tactic to manage risk. Rather, you should create a multi-layer chargeback prevention strategy.
Using multiple tools at various stages of the transaction lifecycle creates the most comprehensive protection possible.
Yet managing several different tools and strategies can be a complicated task. Fortunately, with Midigator’s help, you can simplify processes, automate responsibilities, and consolidate data.
If you’d like help creating an effective yet efficient chargeback prevention strategy, contact our team of experts. We’ll help you determine which tools and tactics are right for your business.