3DS V2.2.0 Explained

We all know the drill with 3D Secure (3DS). Your customers are about to pay for something online with their debit/credit card and they get sent over to an outdated page from their banks to prove they are the rightful owner of the payment card being, in a process known as 2-factor authentication (2FA). A slightly confusing point of friction for your customer justified by the step-up in security and the liability shift for Merchants, which could guarantee that disputes on a 3DS-verified transaction related to fraud would be supported by the Issuer. 3DS 1.0. lacked native web and app flows and it was genuinely fiddly for customers, becoming an obstacle for those not enrolled in 3DS and displaying cumbersome 2FA flows along the way.

3DS 2.0. popped up in 2018 to change this paradigm. The change came with biometric authentication, a wider range of data being passed around in the background, and improved online experience for customers. All of this while maintaining the liability shift.

Device information became enough to proceed with customers' authentication, most of the time, simplifying the experience and offering a streamlined payment process. Nonetheless, transactions with higher risk scores or regulated by the Revised Payment Services Directive (PSD2) still required active approval. This is where 3DS 2.2.0 steps in.

The demand for a better checkout experience and improved security by consumers is, in many instances, what drives the online payments market forward. The infrastructure update in 3DS 2.2.0 expands the efforts to support the latest requirements of e-commerce stakeholders.

With the introduction of the second version of the Payment Services Directive (PSD2) last year, came different Strong Customer Authentication (SCA) exemptions. The new EMV 3DS V2.2.0 specification's biggest asset is the fact it supports these exemptions. 3DS V2.2.0 offers changes in identification and verification, system-initiated transactions, decoupled authentication, promotion of frictionless flow, and user experience.

How does 3DS V2.2.0 improve upon the previous version?

SCA guidelines require consumers to take additional security steps to identify themselves to their bank before being able to complete a payment. This extra step inevitably adds friction to the customer's checkout experience and is likely to impact conversion rates.

3DS V2.2.0 improves communication between Merchants and Issuers, maximizing the benefits of the PSD2 exemptions for SCA to be applied. But that is not all. 3DS V2.2.0 presents additional features to previous versions such as:

• Trusted beneficiaries lists: Through Whitelisting, Access Control Servers (ACSs) can enable the Cardholder to place the 3DS requestor on their trusted beneficiaries list. This ease of use greatly reduces the authentication fuss for recurring customers.
• 3DS Requestor Initiated (3RI) payments: 3RI payments are used in 3DS V2.2.0 transactions initiated by the Merchant when the Cardholder is not present in the session. 3RI is commonly used to collect recurring payments, or when a subscription-based Merchant wants to confirm that an account is still valid. Requestor Initiated payments enable a Merchant to initiate a transaction even if the Cardholder is offline.
• Decoupled authentication: This feature enables Cardholder authentication to occur separately from the 3DS workflow and the Cardholder's interaction with the Merchant, within a specified timeframe. Hence delegating the authentication responsibility back to the Issuer and, again, allowing cardholder authentication to occur even if the Cardholder is offline.

3DS V2.2.0's bells and whistles can help shape the flow of your payment operations for the better. Nonetheless, it all comes down to the fact that this update grants your business the liability shift needed to handle fraud and avoid compliance issues.

Why should you get on it now?

The European Banking Authority (EBA) graced the payment industry with an Opinion on the deadline for the migration to SCA under the revised Payment Services Directive (PSD2) for e-commerce card-based payment transactions back in October 2019. The Opinion sets the deadline to 31 December 2020 and prescribes the expected actions to be taken during the migration period. On this date, the PSD2 SCA grace period will come to an end and full SCA enforcement will start to apply for most EEA countries.

What does this mean for you?

By the end of 2020, all 3DS V1.0 enabled transactions will lose their liability shift right. Such a sanction puts Acquirers and Merchants at tremendous financial risk.

This means that, if you have yet to consider this transition, it is probably time to get on with it and make sure that whoever you are relying on to handle it can support 3DS V2.2.0, preferably well before the end of the year.

How does Switch help?

3DS V 2.2.0 makes things easier for your customers and has the potential to improve the user experience for your target audience. It simplifies your payment game and facilitates compliance. If you are considering the transition for your business, a 3DS Server Provider will come in handy to bridge your 3DS V2.2.0 transactions.

At Switch, we have a new 3DS Server to help you handle the shift. This means we will be able to handle your transactions through the new 3DS V2.2.0 as this becomes our new standard. Talk to us about how to enable 3DS V2.2.0 for your transactions.