3D Secure 2.0 - The Lowdown For Online Businesses

3D Secure 2.0 - The Lowdown For Online Businesses


Ask any online merchant what immediately springs to mind when you mention the term ‘3D Secure’. Chances are the answer will be ‘conversion killer’...am I right or am I right?!

So now that 3D Secure 2.0 is on the scene, you’d nearly be forgiven for thinking it’s just a souped-up form of the original version that’s been around for nearly 2 decades, and has, quite frankly been a thorn in the side of merchants and customers. Selling anything online is far from a walk in the park, especially when 1 in 60 transactions are fraudulent, and until now, businesses have had to make the conscious decision to either protect their online stores by implementing 3D Secure authentication, knowing full well that customer experience would suffer, increasing cart abandonment rates and decreasing conversions, or take a hard pass on 3D Secure and risk fraudulent transactions.

So is 3D Secure 2.0 going to help retailers? Here’s the lowdown...



What is 3D Secure 2.0 and how is it different to 3D Secure?

Excellent question! Unlike 3D Secure Version 2 powers user authentication through biometric identification (for example fingerprints, facial recognition, iris scanning, etc.) and looks to eliminate reliance on static passwords that frankly no one ever remembered.

With 3D Secure 2.0 the initial enrollment process for users is eliminated, and in-app as well as mobile wallet payments can now be authenticated - something that 3D Secure never mastered. In short, 3D Secure 2.0 aims to remove the friction that caused many consumers to abandon their purchase and hopefully advocate more passive forms of authentication.

So with 3D Secure 2.0 merchants can implement a protocol to protect their online stores from fraud, and it will not be to the detriment of good shoppers. Win, win, right?


Why is any of this important?


So what’s the catch? Well, it would certainly appear that there isn’t one! Understandably, merchants may be cautious to adopt 3D Secure 2.0, especially if they felt conversion drop with 3DS. However, under PSD2 they only have until September 2019 before 3DS2.0 is mandated, while the card issuers themselves must be 3DS2.0-ready by April 2019. The truth is that 3D Secure 2.0 could be just what the doctor ordered for businesses. You see, the emphasis that the payment service directive in the EU has placed on strong 2 factor customer authentication (SCA) for card-not-present transactions means that merchants are soon going to have to ensure that all transactions are verified by meeting at least two of the following criteria:

  • Verification through information that the user knows (such as a password or PIN)

  • Verifications through a possession of the user’s (e.g. mobile phone, physical token, card, etc)

  • Physical verification by the user (fingerprint, iris, facial recognition)

So what this means is that businesses will no longer be able to look at authentication as an optional component of their checkout process. Biometric verification will have to be implemented whether merchants like it or not because come September 2019, if they aren’t compliant they will struggle to have transactions authorised - and no one wants that!!!!! Furthermore, if merchants are ready by April 2019, but card issuers are not, it means that there’s a free opportunity for liability shift available for the taking.


Taking 3D Secure 2.0 one step further

3DS2.0 is about adopting the protocol and learning how your customers interact with it. The user experience has to remain king and given that with 3DS2.0 there is no longer a redirect this means that for all online retailers a checkout redesign is necessary - whether they want one or not!

Speaking about the benefits of adopting the latest iteration of authentication technology, Colin Neil, SVP of Business Development at Adyen says:

“ 3DS 2.0 should be viewed by businesses as an opportunity to not only reduce fraud and support good shopper experiences but also to optimize revenue. Remember 3DS2.0 also allows retailers the opportunity to pass more information to the Issuers when making authorisation decisions...more information should mean more positive responses and that can only be good for the retailer”.

We’ve said it before and we’ll say it again - online fraud is always going to be a given in digital commerce. Hackers are always going to exist, and as time and technology moves on, they too are coming up with more innovative and sophisticated ways to stay ahead. However, with the advancements of solutions such as 3D Secure 2.0, there is comfort for merchants in knowing that they can crank their online security up a couple of notches without having to compromise on customer experience.

Only time will tell how 3D Secure 2.0 affects (or rather, enhances) the payments landscape in digital commerce. Will 3D Secure 3.0 eventually be a thing? Very likely. Will it take another 19 years before another iteration is released? Considering the rate that technology and payment methods are evolving, our bet is that it’ll most likely be sooner than later. What we do know for sure is that this is a step in the right direction for both businesses and customers alike, and it couldn’t have come at a better time.

What do you think? Will you implement 3D Secure 2.0, or are you wary of the possible impact on your customers, given the nature of 3D Secure 1.0 (aka ‘the conversion killer’)? Share your thoughts on our Twitter, Facebook, or LinkedIn pages - we’d love to hear from you!


Posted by: Michelle McSweeney - 27 November 2018

Post tags #payments #3d secure #online fraud

Related posts