Payment authentication is often associated with a bad experience, consisting of multiple redirects and low authorisation rates. 3D Secure 2 solves this problem by taking authentication to the next level and creating a safe and seamless payment experience for your customers.
While 3D Secure is not a mandatory requirement for businesses in Australia, it is a way for them to protect themselves against fraud. 3D Secure improves the payment experience for consumers, while saving businesses the cost of fraudulent chargebacks.
In this article, we'll dive into the other benefits of 3D Secure and how the payment and authentication flows work.
Quick recap: What is 3D Secure?
3 Domain Secure (3D Secure) is a security measure for online payments. The 3 domains (acquirer, scheme, and issuer) interact with each other using a 3DS protocol where they exchange information and authenticate the transaction.
3D Secure helps prevent fraud and is available for Card Not Present (CNP) transactions with all major card networks. Although it is not mandatory in Australia, it is a mandatory requirement in the EU, following the Revised Payment Services Directive (PSD2).
Evolution of 3D Secure
3D Secure 2 (3DS2) is the updated version of 3D Secure 1 (3DS1), which is currently being deprecated globally. 3DS1 is no longer supported by major card networks, with the exception of India, Bangladesh, Bhutan, Maldives, Nepal, and Sri Lanka, which are allowed to use it until October 2023.
The main difference between 3DS1 and 3DS2 is that the new security measure is optimised for more devices and channels, such as smartphones, PCs, and mobile app payments. The infamous pop-up windows of 3DS1 are gone, creating a more frictionless checkout flow.
Additionally, with 3DS2 authentication, businesses can now send more than 100 data elements to card issuers for more intelligent risk scoring, up from the original eight data points. The increased number of data elements improves risk-based authentication, ensuring frictionless checkouts for most low-risk transactions from trusted consumers.
Why is 3D Secure being updated?
As payment technology evolves, so do fraud risks and techniques. Close to half of Australian businesses (45%) say that fraudulent transactions and chargebacks are a significant cost for them. This indicates how vital it is to keep up with ever-evolving risk trends, as the updated 3D Secure protocol does. 3DS2 is a better way to handle Strong Customer Authentication (SCA), making secure transactions easier and more seamless for both enterprises and consumers.
Benefits of 3D Secure 2
3DS2 comes with a lot of benefits, including:
With 3DS2, native authentication happens without redirects and can also work on non-browser-based payment methods, improving the payment experience and increasing conversion rates.
The combination of certified SDKs and iframes in the checkout flow, paired with data-sharing APIs, makes 3DS2 the data conduit between businesses and banks. Over 150 potential data points are shared, which means that better risk decisions are drawn from the information you and card issuers know about your mutual customers. The more information you have to support authentication cases, the higher the chances of successful transactions.
3DS2 also has multiple options for customers to verify themselves, including biometric identifiers. More authentication flows and choices mean increased security and lower drop-off rates in comparison to older solutions based on static passwords.
How does 3D Secure work?
There are two different ways customers can verify themselves using 3D Secure: frictionless and challenge. The frictionless flow is based on background information that doesn't require the customer to actively verify themselves. The challenge flow means the issuer has determined the transaction needs additional verification from the customer.
In the frictionless flow, the SDK and servers exchange all necessary information without involving the user.
In the challenge flow, the user receives a request to provide two-factor authentication, typically through an SMS code or a personal password. The user can also use their face or fingerprint to provide biometric authentication.
The payment is only confirmed after the customer verifies themselves.
The transaction doesn’t only rely on card details for verification. This means committing fraud is much more difficult if card details are stolen or there is a data breach on the merchant’s site.
3D Secure and chargeback liability shift
Another benefit of 3D Secure is that it allows businesses to protect themselves from fraudulent chargebacks through a "liability shift". Liability refers to the party responsible for financially compensating cardholders for fraudulent purchases.
A liability shift happens when a payment goes through the 3D Secure 2 challenge authentication flow and the liability for fraudulent chargebacks shifts from the business to the card issuer.
In some regions, card schemes may grant a liability shift after a successful frictionless flow too.
Adyen Authentication: The right balance between security and convenience
At Adyen, we use 3D Secure to take frictionless payments to the next level. We know that every business is unique, with different risk appetites and regions of operation. Every market has its own unique regulations and behaviours. Adyen adapts to your local needs so that you can offer frictionless authentication and increase security in any location.
Our authentication engine creates the right balance between convenience and security by using machine learning to make smart authentication decisions and assess whether a transaction should be authenticated through a frictionless flow or not. This boosts conversion and creates a better customer experience.
We support multiple integrations for both browser and mobile flows via our Checkout solution. Interested in learning more about 3D Secure? Check out our authentication page.
We’re always here to help, so if you have any questions regarding regulations or our products, get in touch.
Frequently asked questions
1. Which card networks support 3D Secure?
3D Secure is supported by most major card networks. Consumers can recognise it with branded names like Visa Secure, Mastercard Identity Check, American Express SafeKey, J/Secure (JCB), or ProtectBuy (Diners Club International/Discover).
2. Is 3D Secure mandatory in Australia?
3D Secure is not mandatory in Australia. However, AusPayNet requires businesses above the fraud thresholds to implement 3DS2. The fraud thresholds are:
Above AUD 50,000 in fraud losses, and
Fraud-to-sales ratio of 0.2% and above for two consecutive quarters
3. What is the equivalent of PSD2 in Australia?
PSD2 is the EU regulation for electronic payment services. It mandates strict security standards and protocols that banks and other financial service providers have to follow to participate in open banking.
Consumer Data Right (CDR) is Australia's answer to PSD2. CDR enables Australian consumers to safely share their data via bank data APIs that pass the Australian Competition and Consumer Commission's stringent accreditation process.