3DS 2.0 to improve the digital checkout and payment process

Could you provide our readers with a short background on 3D Secure 2.0, its objectives and specifications? What will it bring differently from the first version?

3DS 2.0 is a new authentication protocol that was recently finalized through EMVCo, the global technical body that facilitates the worldwide interoperability and acceptance of secure payment transactions by managing and evolving the EMV specifications and related testing processes. EMVCo is collectively owned by American Express, Discover, JCB, Mastercard, UnionPay and Visa and supported by dozens of banks, merchants, processors, vendors and other industry stakeholders who participate as EMVCo Associates. The new 3DS 2.0 standard is a giant leap forward for digital commerce.

3DS 2.0 is designed to improve cardholder authentication, and in so doing, improve the digital checkout and payment process. The new protocol is data-driven and uses hundreds of data points shared by merchants and issuers to authenticate in the background for a friction-free checkout experience in most cases. The result is expected to be fewer false positives, authentication-caused abandoned shopping carts, lost transactions and frustrated consumers.

Fundamentally, the big difference between the existing 3D Secure environment and 2.0 is that 2.0 creates a device agnostic environment. It creates an infrastructure that will allow the authentication process to happen, regardless of the device where the consumer is initiating the transaction. Whether it’s the Internet of Things, a wearable, a mobile device, on a browser or a native application on a mobile device, authentication takes place seamlessly behind the scenes.

What are the timelines for the migration to the new 3D Secure version and what could card issuers and merchants do to prepare in advance?

Our expectation is that we’ll see limited adoption of 2.0 in 2017, increasing in 2018. But it’s important for merchants and card issuers to begin preparing for the new spec, to start updating their infrastructure to support 2.0, and as a result we have been working with merchants and card issuers to help get them ready for the new standard. CardinalCommerce is ready with early adopter tests for both merchants and issuers.

Activation dates for both PSD2 and 3DS 2.0 vary among regions, but both protocols are expected to converge at the beginning of 2019. The earlier merchants and issuers alike engage with providers, the more seamless the transition will be, and the sooner all parties can take advantage of the risk-based authentication approach and additional data fields involved in the new protocol.

How does the 3D Secure 2.0 tie into the PSD2 strong customer authentication (SCA)?

Many in the payments industry are concerned about the Strong Consumer Authentication (SCA) rules set forth by the European Banking Association. With PSD2, were going to see that more and more customers are going to have to authenticate themselves every time they buy something.

The new 2.0 version of 3D Secure, as well as the Cardinal capability, creates a much more seamless way for consumers to authenticate themselves and an integrated approach so that merchants can request that authentication and consumers can do that in a much more seamless environment. We think that this technology will actually help us enable any PSD2 requirement, just in a much more convenient way.

How will 3DS 2.0 and PSD2 SCA impact online authentication solution providers?

While we cant speak for other solution providers, CardinalCommerce is fully ready to implement the 3DS 2.0 protocol and can help merchants with the transition. Since we will be in a mixed environment for many years, one where some banks have updated to 2.0 while others have not, Cardinal’s software operates seamlessly in the background to automatically employ the correct protocol regardless of what the card issuer is using. This makes it easier for merchants to get the maximum benefit from the new protocol, while shifting liability and ensuring good orders are not inadvertently declined, so-called false positives.

About Chandra Balasubramanian

Chandra Balasubramanian is Co-Founder, Executive Vice President and Chief Technology Officer at Cardinal. Since the company’s founding in 1999, Chandra has led development efforts creating Cardinal’s patented, award-winning technologies. Prior to co-founding Cardinal, Chandra was the co-founder and Division Manager of QIS/Live TechSolutions. Chandra has a Bachelor of Commerce degree from the University of Madras (India), an Advanced Diploma in Systems Management from the National Institute of Information Technology.

About CardinalCommerce

CardinalCommerce is the pioneer and global leader in enabling authenticated payment transactions in the card-not-present payments industry. Through One Connection to Cardinal, we enable friction-free, technology-neutral authentication and alternative payment services (including digital wallets and mobile commerce services). CardinalCommerce is headquartered in Cleveland, Ohio and services a worldwide Customer base from facilities in the United States, Europe and Africa.