The first rule of doing business online is to ensure that customers’ payments are secure. With an increase in digital payments, new payment innovations, and new regulations like 3D Secure 2.0, it is important to understand customer authentication beyond regulatory standards.
In this article, we deep dive into 3D Secure authentication and break down what it means for your business and your customers. We will explore the original 3D Secure 1 (3DS1) as well as the newer 3D Secure 2.0 (3DS2) that we recently integrated at SeerBit
Authentication vs Authorization
Before we start, we would quickly explain the differences between payment authentication and payment authorization.
- Payment Authentication is the process of confirming whether the person attempting to make a payment is the legitimate owner of the card. This happens between the customer and the issuing bank.
- Payment Authorization is a separate process in which the issuing bank may approve or decline a payment transaction submitted by a merchant (in this case, SeerBit). This happens between the issuing bank and SeerBit and it is invisible to the customer.
What is 3D Secure?
Typically, when you try to make any card payment online, 3DS1 will redirect you to your bank for card authentication, prompting a password or a one-time password (OTP) that is sent via SMS. By doing this, issuing banks are held liable for fraudulent chargebacks, completely absolving the business. It was a security step, but it was not user-friendly.
3DS1 lacked native in-app flows and this caused a lot of authentication issues for customers such as
- Compatibility issues when performing authentication process on mobile devices
- Slow authorization page loading time leading to frustration of users
- Some users were unable to view the 3DS authentication page on their device
These and other factors led to irritated customers abandoning the payment process and businesses losing sales as a result.
In addition, different regions have different security requirements and policies, and the adoption of the 3DS1 protocol varied from bank to bank and country to country. This makes it challenging for businesses looking to scale.
Now that you understand 3D Secure and the problems it presents, let’s explore the 3D Secure 2.0 authentication and the opportunities that come with it.
How does 3D Secure 2.0 authentication work?
3DS2 is the upgraded authentication standard introduced by EMVCo and the major card schemes. It takes a different approach to authentication, as it uses a broader range of data, biometric authentication, and an improved user experience, particularly for mobile. It also addresses many of 3DS1’s shortcomings while providing benefits to businesses worldwide across a broader range of use cases.
How does 3D Secure 2.0 benefit you and your customer?
3DS2 has several benefits for your business and your customers such as a seamless authentication process, reduced fraud risk and more. Let’s discuss some of these benefits below.
Better user experience
3DS2 comes with different authentication flows that all give customers a frictionless experience at the point of payment, let’s explore them.
In-app two-factor authentication
If you’re building an app, 3DS2 SDK let you integrate an authentication flow into the app, so customers receive a request to provide two-factor authentication — typically sent as an OTP — right in the checkout. No more annoying pop-up windows or browser redirects.
Passive authentication
For this type of authentication to take place, the customer must have previously made payments with the two-factor authentication method on their device. Your payment provider and the bank servers exchange data points like shipping address, payment history and others, to determine whether the transaction is being made by the real cardholder.
This activity happens in split seconds and is completely invisible to the customer.
.png?width=9864&height=4858&name=Passive%20Authentication%20(1).png)
Biometric authentication
This is another type of authentication that is possible with 3DS2. The SDK also allows an app to switch to the issuing bank’s app so that your customers can use their fingerprint or face ID for authentication.
These authentication flows not only provide a seamless payment experience for customers but also increase security and reduce the number of abandoned transactions seen in the previous 3DS1. This way, your business is protected from fraud and enjoys higher conversions.
They also provide the flexibility banks need to continue innovating in order to make payments more secure and simple.
Increased authorization rates with data sharing
3DS2 creates a data channel between businesses and banks by using certified SDKs and iframes in the checkout flow, as well as data-sharing APIs, allowing for better risk-based analysis while maintaining your native user flow.
With over 100 potential data points shared between businesses and card issuers, risk assessment is significantly improved. It goes without saying that the more data you have to support authentication cases, the more likely a transaction will be successful.
Reduced fraud risk
When authenticating the cardholder’s identity during the payment process, 3DS2 helps to filter fraudulent transactions and verifies the customer’s active participation in the transaction. Compared to the previous 3DS1, more data points are used to determine whether or not the transaction should be approved, increasing the overall reliability of the authentication process.
How does SeerBit support 3D Secure 2.0 authentication?
SeerBit’s payment APIs and Checkout are fully integrated with the 3D Secure 2.0 browser flow, allowing you to automatically apply 3D Secure 2.0 authentication to high-risk payments to protect your business from fraud.
If you’re building a mobile app, you can integrate an in-app authentication flow with our mobile SDKs to provide a seamless experience without redirecting your customers outside of your application.
SeerBit is dedicated to helping you integrate our payment solutions that meet global regulatory standards such as 3DS2 and PCI DSS. Our APIs also provide a streamlined integration experience, allowing you to access all supported payment methods through a single payments endpoint and add new payment methods without reintegration.
We are constantly iterating, adapting, and improving our solutions to help you meet the ever-changing consumer and regulatory demands, so you can spend less time on integrations and more time on your business.
