In this blog post, we'll explain how 3D Secure 2.0 can help you make better risk decisions, create online experiences customers will love, and increase conversions.
Poor security negatively impacts your business and customers, so keeping customers secure when they’re paying online is a must. With many new ways to pay and new regulations coming to light such as PSD2, it’s time to get to know customer authentication beyond the regulatory standards.
So, let’s cut through the noise on 3D Secure 2.0 (3DS 2.0) and explore the opportunities it can create.
3DS 2.0 is a new standard introduced by EMVCo and the major credit card schemes. It brings a new approach to authentication through a wider range of data, biometric authentication and an improved online experience. This new protocol addresses many of 3DS1.0’s issues, while bringing benefits across a wider set of use cases for businesses all over the world.
Increasing authorisation rates with data sharing
3DS 2.0 is much more than a redirect. The combination of certified SDKs in the checkout flow, paired with data sharing APIs, means that 3DS 2.0 can be used as a tool to share rich data between businesses and banks. Over 100 potential data points are shared with issuing banks, meaning that the information you and card issuers know about your mutual customers can be used to make better risk decisions. The more information you have to support authentication cases, the higher the chances of authorisations.
With 3DS 2.0 it is possible to share data between banks and merchants silently in the background. Authorisation rates can be increased with no perceivable change to the checkout flow by customers. Adyen's Dynamic 3DS service will help businesses decide when to send additional data to banks, automatically targeting transactions that are likely to see an uplift if data is shared.
This is interesting for businesses that don’t need to use 3DS 2.0 for fraud prevention. A business which has low fraud rates, but wants to achieve the authorisation uplift benefits of 3DS 2.0 can implement data sharing. This is without changing the seamless checkout flow their customers currently enjoy.
Superior authentication experiences for customers
In many cases device information is enough to authenticate without an extra step for the customer. However, some transactions that have higher risk or regulations such as PSD2 require active approval. Adyen's 3D Secure SDKs help you build these flows and there are three primary types to consider:
By offering more authentication flows, customers will be able to choose their authentication method of choice. And this means increasing security while reducing drop-off rates seen in older solutions that were based on static passwords. What's more, Adyen's 3DS 2.0 SDK will help you easily build these authentication flows natively into your apps and websites.
The different authentication flows with 3DS 2.0 offer more flexibility so banks can continue to innovate in the future, continuing to make authentication simple and more secure. This is good news for businesses who are more vulnerable to fraud, and who already use 3D Secure.
It's also a plus for businesses operating in regions that are introducing authentication requirements, an example of this being PSD2 in Europe.
Strong Customer Authentication with 3DS 2.0
Managed compliance with Dynamic 3D Secure
We’re the first to admit that the EU PSD2/SCA regulatory frameworks can be confusing, and global enterprise businesses will be looking for solutions to identify which transactions require authentication and which don’t.
3D Secure 2.0 is the main way that businesses can prepare for PSD2. Most regions that already have authentication mandates are expected to adopt the protocol quickly.
In addition, businesses will need tools to know where and when authentication is required, where it isn’t required but can increase authorisation rates, or where it isn’t required and may harm performance if used.
Adyen’s Dynamic 3D Secure solution can play a key role in managing PSD2 compliance on your behalf. They will take care of triggering the PSD2 and SCA exceptions when applicable so you can focus on your core business. These compliance rules will work in tandem with other Dynamic 3DS rules targeting fraud-prevention and performance optimisation to ensure that you are always using 3DS when it makes sense and avoiding it when it doesn’t. Below is the flow:
Prepare for Strong Customer Authentication with 3DS 2.0
The biggest driver for business and issuing banks to implement 3DS 2.0 is the upcoming enforcement of Strong customer authentication (SCA) requirements under PSD2. This law goes live in Europe on September 14, 2019.
As for the rest of the world, both Brazil and Australia have mandates in place which will encourage the adoption of 3D Secure 2.0 from mid 2019.
We’re starting to say goodbye to 3D Secure 1.0, so be the first to use this opportunity to use the additional information available with version 2.0. Take advantage now to increase your authorization rates, improve authentication and create a better experience for your customers.
Read more about the technical integration on our documentation. Or See our libraries on GitHub.