We are a financial service tailored to entrepreneurs, consultants, remote...
The main tool for merchants today is 3D Secure v.2 protocol. In this article, you’ll learn how it works.
You have probably heard about the advantages of installing systems for making customer payments on your business website or in a native application. Merchants, banks, card networks, and payment gateways are involved in a complex system that needs to be secured. Cybercrime and various types of fraud are the main concerns of businesses as they not only reduce the seller's revenue but also lower the reputation and trust of customers.
Unfortunately, fraud continues to evolve and adapt to new barriers and protective measures. As an e-commerce business owner, you need to think about how to make sure your payments are as secure as possible. But how to avoid data leaks or money transfers to fraudsters' accounts? The main tool for merchants today is 3D Secure v.2 protocol. In this article, you’ll learn how it works and why it is a perfect instrument to provide safety.
The development of technologies for business security plays an essential role and becomes reliable support for both startups and large companies. Following the trend, all of the major credit card networks offer a version of the 3D Secure protocol that adds an additional security layer to the checkout process. It allows sellers to transmit detailed information about transactions to the issuing bank safely.
Multi-factor authentication was believed to be one of the most efficient protective measures, but hackers have adapted, so now they can relatively easily bypass MFA. According to modern estimates, 3D secure v.2 can reduce credit card fraud by at least 40%, an impressive achievement. It is important to note that such efficiency was not achieved immediately, since the first version of 3D security was less effective. Let's take a look at the history and see what advantages and disadvantages 3D v.1 had and how it has changed now.
The first version of 3D secure technology had some constraints. The primary and, according to the developers, the most important element was the system of confirming the identity of the client. On the one hand, the fraud analysis showed that the transaction was potentially risky, which was crucial in the transaction approval stage. On the other hand, there were several serious disadvantages.
Firstly, the ability to use only 15 types of transaction data limited the analysis capabilities. Secondly, notification of risks led to an increase in the number of refusals from purchases. Thirdly, a 3D v.1 Protocol required PIN approval, and a transaction was rejected if the customer forgot the PIN. What’s more, customers were redirected to the card network website from the seller's checkout page in order to confirm the transaction, which increased the time of order approval.
Despite the difficulties in verification, the use of the protocol has become much more efficient. In the 3D v.2, authentication requires not only redirection to the card issuer's website, but also additional methods that do not require active user participation. Let's take a closer look at the updates and evaluate their utility.
The solution to ensure security automatically was based on RBA (risk-based authentication). It collects data about cardholders and transmits them to the issuing bank. This data plays an important role in making payments, as it contains multiple meaningful elements, for example, information about the cardholder, a payment device (mobile or desktop), a geographical location, and even transaction history. Changes in the method of authentication of the payer due to the use of RBA provided much more information for analysis and a clear separation of real customer requests and fraudulent ones.
The issuing bank's authentication and authorization system (Access Control Server — ACS) logically follows the collection of user and card data. The technology is aimed at comparing the information received with historical data about the operations of one particular user. As a result of such verification, the degree of fraud risk for this transaction is determined and the issuing bank decides whether additional verification is necessary or the transaction can be confirmed. If everything goes well, the transaction is carried out using simplified authentication (frictionless flow), and the user is automatically authenticated and verified, hence, the payer does not even notice that they were checked.
Mobile payment technologies that can be implemented on a mobile version of a website or in an application are gaining popularity. According to users who are already accustomed to several stages of payment confirmation, it is more convenient to make payments and confirm them from a smartphone than using two devices (one for PIN-code or SMS verification, the second one as a checkout page). With the increase in the number of mobile payments, the 3D Secure v.2 protocol has introduced a user-friendly interface for smartphones.
The advantages of the protocol are quite obvious to a common user or an online business owner, as well as to a selective technology organization or payment system. Multi-level verification of payments always increases the level of security and advanced fraud protection. That's exactly what the 3D Secure v.2 protocol specializes in! The system simultaneously facilitates and simplifies the verification mechanism for a person and increases the amount of information collected for analysis.
Having mentioned all the advantages and innovation, the answer on how its implementation allows the business to increase sales is clear. 3D Secure v.2 not only provides security and less time-consuming authentication but also offers a smoother and more consistent user experience. It became possible to use multiple payment channels, such as credit and debit cards, digital wallets, in-app payments, and many more.
Payrow has implemented the new 3d secure v.2 protocol. Thanks to 3d secure v.2, we simplified and sped up the process of transactions. We have also included additional authentication options like security tokens and biometric data.
Also published here.