What is payment fraud and how to prevent it
Payment authentication is often associated with a bad experience, consisting of multiple redirects and low authorization rates. 3D Secure 2 solves this problem by taking authentication to the next level and creating a safe and seamless payment experience for your customers.
3D Secure isn’t just a requirement for countries mandated under PSD2, but is a way for all businesses, everywhere in the world, to protect themselves against fraud. 3D Secure improves the payment experience for your customers, while saving you the costs of fraudulent chargebacks.
In this article, we'll dive into the other benefits of 3D Secure and how the payment and authentication flows work.
3 Domain Secure (3DS) is a security measure for online payments. The 3 domains (acquirer, scheme, and issuer) interact with each other using a 3DS protocol where they exchange information and authenticate the transaction.
3D Secure helps prevent fraud and is available for Card Not Present (CNP) transactions with all major card networks, and is mandatory in the EU, following the Revised Payment Services Directive (PSD2).
3D Secure 2 (3DS2) is the updated version of 3D Secure 1 (3DS1), which is currently being deprecated globally. 3DS1 is no longer supported by major card brands, with the exception of India, Bangladesh, Bhutan, Maldives, Nepal, and Sri Lanka, which are allowed to use it until October 2023.
3DS2 comes with a lot of benefits, including:
With 3DS2, native authentication happens without redirects and can also work on non-browser-based payment methods, improving the payment experience and increasing conversion rates.
The combination of certified SDKs and iframes in the checkout flow, paired with data-sharing APIs, makes 3DS2 the data conduit between businesses and banks. Over 150 potential data points are shared, which means that better risk decisions are drawn from the information you and card issuers know about your mutual customers. The more information you have to support authentication cases, the higher the chances of successful transactions.
3DS2 also has multiple options for customers to verify themselves, including biometric identifiers. More authentication flows and choices mean increased security and lower drop-off rates in comparison to older solutions based on static passwords.
There are two different ways customers can verify themselves using 3D Secure: frictionless and challenge. The frictionless flow is based on background information that doesn't require the customer to actively verify themselves. The challenge flow means the issuer has determined the transaction needs additional verification from the customer.
The SDK and servers exchange all necessary information without involving the user.
Example of a frictionless flow
The user receives a request to provide two-factor authentication, typically through an SMS code or a personal password. The user can also use their face or fingerprint to provide biometric authentication.
Example of password authentication
Example of biometric authentication
The payment is only confirmed after the customer verifies themselves.
The transaction doesn’t only rely on card details for verification. This means committing fraud is much more difficult if card details are stolen or there is a data breach on the merchant’s site.
Another benefit of 3D Secure is that it allows businesses to protect themselves from fraudulent chargebacks through a "liability shift". Liability refers to the party responsible for financially compensating cardholders for fraudulent purchases.
A liability shift happens when a payment goes through the 3D Secure 2 challenge authentication flow and the liability for fraudulent chargebacks shifts from the business to the card issuer.
In some regions, card schemes may grant a liability shift after a successful frictionless flow too.
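The two flows and the liability shift described above, written as merchant-side handling that only confirms a payment once authentication has succeeded. This is an added example, not Adyen's code or API: the field names `messageType`, `transStatus` and `threeDSServerTransID` come from the EMV 3DS specification, while the `decide` function, the `liability_shift` labels (which follow this article's wording, not scheme rules) and the decline-everything-else policy are assumptions.

```python
from typing import Optional

DECLINE = {"action": "decline", "flow": None, "liability_shift": "none"}

def decide(ares: dict, rreq: Optional[dict] = None) -> dict:
    """Next step for one payment. Anything unexpected declines (fail closed).

    ares: issuer's authentication response (messageType "ARes").
    rreq: result message sent after a challenge (messageType "RReq"), if any.
    """
    if ares.get("messageType") != "ARes":
        return dict(DECLINE)
    status = ares.get("transStatus")

    if status == "Y":  # authenticated with no customer interaction
        if rreq is not None:  # challenge result without a challenge: reject
            return dict(DECLINE)
        # The article says a shift after frictionless depends on the region.
        return {"action": "authorize", "flow": "frictionless",
                "liability_shift": "region-dependent"}

    if status == "C":  # issuer requires the customer to verify themselves
        if rreq is None:
            return {"action": "start_challenge", "flow": "challenge",
                    "liability_shift": "none"}
        txn_id = ares.get("threeDSServerTransID")
        # The result must belong to the transaction that was challenged.
        bound = (rreq.get("messageType") == "RReq" and txn_id is not None
                 and rreq.get("threeDSServerTransID") == txn_id)
        if bound and rreq.get("transStatus") == "Y":
            return {"action": "authorize", "flow": "challenge",
                    "liability_shift": "issuer"}
        return {**DECLINE, "flow": "challenge"}

    # Any other status: declined here as a conservative policy (assumption).
    return dict(DECLINE)

# Constructed sample messages; the transaction IDs are made up.
ARES_FRICTIONLESS = {"messageType": "ARes", "transStatus": "Y",
                     "threeDSServerTransID": "txn-0001"}
ARES_CHALLENGE = {"messageType": "ARes", "transStatus": "C",
                  "threeDSServerTransID": "txn-0002"}
RREQ_VERIFIED = {"messageType": "RReq", "transStatus": "Y",
                 "threeDSServerTransID": "txn-0002"}
RREQ_OTHER_TXN = {"messageType": "RReq", "transStatus": "Y",
                  "threeDSServerTransID": "txn-9999"}
```

A challenge result that carries a different transaction ID, or that arrives for a payment that was never challenged, is declined rather than treated as proof of verification.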
At Adyen, we use 3D Secure to take frictionless payments to the next level. We know that every business is unique, with different risk appetites and regions. Every market has its own unique regulations and behaviors. Adyen adapts to your local needs so that you can offer frictionless authentication and increase security everywhere.
Our authentication engine creates the right balance between convenience and security by using machine learning to make smart authentication decisions and assess whether a transaction should be authenticated through a frictionless flow or not. This boosts conversion and creates a better customer experience.
We support multiple integrations for both browser and mobile flows via our Checkout solution. Interested in learning more about 3D Secure? Check out our authentication page.
We’re always here to help, so if you have any questions regarding regulations or our products, get in touch.