If you’re a business owner in Europe, you’re undoubtedly worried about the EU’s second payment services directive (PSD2). You’re not alone. Bigger players like payment service providers and banks are also concerned.
PSD2 will bring a number of changes to the payments space, including strong customer authentication (SCA), which involves 3D Secure 2.0. We explore the details of 3D Secure 2.0 below.
What is 3D Secure 2.0?
Three-domain secure 2.0 (also written as 3D Secure 2.0, 3-D secure 2.0, or 3DS 2.0) is an updated specification for 3D Secure 1.0. It’s a protocol that helps connect acquirers and issuers for the purpose of authenticating a cardholder’s e-commerce transaction or providing identity verification and account information.
The main purpose of 3D Secure 2.0 is to act as an additional security layer in the payment process and reduce unauthorized card-not-present transactions, primarily ones related to e-commerce. “3D secure 2.0 is the new standard through which SCA is achieved when using a credit or debit card in ecommerce and similar spaces, where transactions are primarily made through digital means,” says Jeremy Bellino of Worldpay.
How does it differ from 3D Secure 1.0?
3D Secure 1.0 was released around the year 2000. Over the past two decades, technology has come a long way. As a result, the 1.0 version has become outdated and is now unable to protect customers as well as it should.
By comparison, 3D Secure 2.0 provides many more protections and improvements:
- It provides issuing banks with significantly more data. The 1.0 version only looks at a few static pieces of data such as name and email. 3D Secure 2.0 captures numerous pieces of data about the purchaser, including browser type, browser version, type of device, software the device is using, and location. “The issuing bank can then use these dynamic data points to make a more informed risk-based assessment, and ultimately make the decision to approve or decline a transaction,” Bellino explains.
- It can help determine whether a transaction needs authentication. With the additional data provided by 3D Secure 2.0, banks can see a broader picture of each customer and better judge whether customer authentication is really necessary.
- It optimizes the user experience for mobile browsers and apps. The 1.0 version supports only web-based browsers and was designed for the desktop, so any popups or embedded interfaces are small and difficult to use. 3D Secure 2.0 is designed for the mobile world we live in: It’s more responsive to smaller devices and works on mobile apps.
- It supports SCA exemptions. There are several exemptions to SCA, such as transactions below a certain value; however, the 1.0 version cannot support any of them, so the SCA exemption process is nonexistent within a 3D Secure 1.0 framework. Using any SCA exemption that may apply requires 3D Secure 2.0. “This is a big drawback area for the previous version of 3D Secure. Business owners who want to be compliant with PSD2 will definitely need to upgrade to 3D Secure 2.0 or use a payment solution that is already PSD2 compliant,” notes Bellino.
PSD2 is a complex topic regardless of the part you play in the payment space. To help you better understand what’s coming down the pike and give you some direction, including SCA exemptions you can take advantage of, check out our guide on becoming PSD2 compliant.