The European payments and regulatory landscape is rapidly changing. Now that the revised Payment Services Directive (PSD2) is in full effect, the industry has set its sights on the next measure: Strong Customer Authentication (SCA) requirements. SCA mandates that merchants with operations in the European Economic Area (EEA) provide EU card issuers with two distinct authentication factors from customers for transaction approval.
As the current September 14, 2019 SCA enforcement date approaches, many merchants still have questions about how to prepare -- but while the requirements may seem complex, the solution is simple: 3D Secure 2 (3DS2).
3DS2 is an industry-standard solution for meeting SCA requirements that helps ensure cardholder authentication and protection against fraudulent transactions. The latest 3DS update, which lets issuing banks verify cardholders during transactions, also means benefits for merchants: It can help transfer liability for fraud disputes to issuers, help reduce costs associated with chargebacks, and even help increase conversion.
3DS is a security protocol that provides an extra layer of protection for online credit and debit card purchases. It was first deployed by Visa as "Verified by Visa" and later renamed "Visa Secure.” Since that initial rollout, payment-authentication services based on 3DS have been adopted by Mastercard, American Express, and other major issuers and schemes.
The protocol connects merchants, card networks, and financial institutions to authenticate transactions and share data. An additional verification step helps protect both cardholders and merchants during checkout -- a lookup determines if the cardholder is enrolled in 3D Secure and whether they will need to authenticate the transaction.
The original 3D Secure protocol, 3DS1, was developed long before the smartphone, and it showed -- 3DS1 became known across the industry as a “conversion killer” due to its friction-heavy transaction process.
But 3DS2 was specifically designed to help reduce that friction, especially for mobile checkout, thanks to a seamless mobile experience and native SDKs for both Android and iOS. And while its primary purpose is to meet SCA requirements for biometrics and two-factor authentication, 3DS2 can help improve conversion by making checkout faster and easy for customers.
1-2. "Frictionless Experience with Verified by Visa," Visa, 2018
This next-generation solution provides automated fraud protection. It’s always on, helping to protect customers and merchants -- no fine-tuning or maintenance beyond updates required. And rather than requiring cardholder involvement, 3DS2 uses device and browser data to accurately make authentication assessments that typically happen behind the scenes. It also offers improved ways to replace static passwords in the event of a challenge.
When fraudulent transactions do occur, with 3DS2 merchants may shift the chargeback liability for those transactions from themselves to the issuing bank.
Issuers may approve more transactions when using 3D Secure.
All companies doing business in Europe need to be aware of PSD2’s SCA requirements. Enabling 3DS2 is an industry-standard approach to comply with the new EU laws.
By adding an authentication step for online purchases, 3DS2 provides another fraud-protection layer for online credit and debit card transactions.
Get more information about various SCA payment scenarios.
3DS2 via Braintree provides a simple way to authenticate transactions with a low-friction checkout experience for cardholders -- plus a single integration that manages multiple acquiring relationships. Our newest front-end and mobile SDKs are built to support all 3DS2 authentication paths. This new iteration will include a method for collecting the device and browser data required by each individual issuing bank, as well as customer data elements. Merchants can also take advantage of 3DS2’s chargeback liability-shift benefit to help reduce costs associated with chargebacks categorized as fraudulent.
As of right now, many issuers have already begun actively supporting the latest 3DS version in preparation for the September 2019 SCA deadline. Getting 3DS2-ready with Braintree gives merchants an upgraded weapon in the fight against fraud, plus the benefits of a seamless, secure checkout experience -- all with the peace of mind that comes with an industry-standard authentication solution to meet SCA requirements.