Is 3D Secure 2.0 Required in the US?
Published 11/09/2022
Originally published by TokenEx.
Written by Anni Burchfiel, TokenEx.
Quick Hits:
- 3D Secure is a security protocol that requires an extra layer of authentication for online payments.
- 3D Secure connects the three parties involved in a transaction (the card issuer, the acquirer, and the payment system) to authenticate cardholder identity and reduce fraud.
- 3D Secure 2.0 analyzes transaction information to reduce the number of transactions that need to be authenticated.
- While 3D Secure 2.0 is not technically mandatory for the US, Visa’s support for version 1.0.2 has been discontinued as of October 15, 2022. 3DS 2.0 is also the standard for US companies subject to the EU’s PSD2 requirements.
Many companies use 3-D Secure both for the added security it offers for online payments and for the ability to shift chargeback liability to acquirers. However, 3-D Secure has recently been updated, and some merchants are confused about the changes and whether the switch to the newer version is mandatory. In this blog, we’ll cover the differences between the two versions and clarify the obligations of companies using 3DS to secure their online payments.
3D Secure 1.0 vs 3D Secure 2.0 Explained
The first version of 3D Secure was implemented over twenty years ago, and a lot has changed in the payment landscape since then. For example, mobile payments, now a regular part of online transactions, were just beginning to be tentatively explored in the early 2000s. 3D Secure got its first and largest update since the beginning of the millennium around 2017: 3DS 2.0. While there are many changes between 3DS 2.0 and 1.0, the largest change is the way 3-D Secure determines which transactions require authentication.
3-D Secure 2.0 analyzes a merchant’s contextual data to determine which transactions are actually high-risk. According to Visa, fewer than 5% of transactions are actually high-risk transactions. With 3-D Secure 2.0, the other 95% of customers no longer have to provide additional verification.
This is possible because a merchant’s 3DS 2.0 service now sends the issuer’s 3DS 2.0 program 10 times more data about the cardholder and transaction. 3-D Secure 2.0 programs can use this data to judge whether the customer’s identity can be authenticated for the transaction without the customer needing to be involved.
This solves a huge pain point for merchants who used 3-D Secure 1.0: the addition of friction to the customer checkout experience. Previously, customers had to authenticate online purchases with passwords and other methods that slowed down the checkout process. Now, only 1 out of 20 transactions will require any additional verification before the transaction is approved.
Benefits of 3-D Secure 2.0
Lower Cart Abandonment Rates
According to a Visa case study, increasing the speed of payments with 3-D Secure 2.0 causes cart abandonment rates to plummet by an astounding 70%.
Better Security
According to Visa, 3-D Secure 2.0 delivers 10x more data to merchants to help them increase security and authentication rates. This not only helps legitimate customers speed through the process but also flags fraudulent charges with improved accuracy.
Lower Transaction Time
Shoppers using 3-D Secure 2.0 were able to reduce their time during checkout by 85%. Not only does this lead to fewer abandoned carts, but it also makes for an easier and more enjoyable customer experience.
Is 3DS Mandatory? (3DS 2.0 & PSD2)
3-D Secure is not necessarily a mandatory requirement in the US. However, Visa’s support for version 1.0.2 has been discontinued as of October 15, 2022.
It’s incredibly important for US companies to note that 3DS 2.0 is the new standard for EU transactions subject to PSD2. This is because the new 3DS protocol meets the Strong Customer Authentication (SCA) requirements for PSD2. If you’re a US company that does business in the EU, you’ll likely need 3DS 2.0.
Additionally, the benefits of 3-D Secure 2.0 make the upgrade an easy choice. Even without regulatory compulsion, many companies are leaping at the opportunity to switch and take advantage of the lower cart abandonment rates and better customer experience offered by 3-D Secure 2.0.