back to insights


April 28, 2021

Feature Overview: 3D Secure 2.1 vs. 2.2

Since the first 3D Secure protocol was launched in 2001 by VISA, the online payments ecosystem changed substantially regarding regulation and channels used for conducting online payments demanding improvements regarding the user experience of the solution and a more flexible approach. The new versions of the protocol enable SCA on mobile apps, support biometric authentication, and allow exemptions. All in order to provide the stakeholders with a solution that brings benefits to all parties.

Importance of 3D Secure

Online payments have been around for quite a while. However, last year marked with the Covid-19 pandemic, caused a big spike in the number of stakeholders who went online. For reference, Office for National Statistics states that online sales in the UK accounted for 35,2% of all retail in January 2021.

A 2021 report from Retail Economics and Natwest reports that 46% of UK consumers bought goods and services online that they, prior to the pandemic, only ever purchased online. What makes this a new trend is the following fact; 32% of consumers state that they plan to continue with their new shopping habits in the future.

Such numbers pose new opportunities as well as threats. As more and more people turn online to purchase goods and services, those with ill intentions do not waste time. Security questions regarding online payments have popped up, and that is where 3D Secure steps in. In order to provide ultimate security in the online payments ecosystem, EMVCo's specification reflected on current and future market trends to support security, performance, and user experience.

Issuers are still on the fence when it comes to adopting new 3D Secure versions. But there is no doubt about the benefits they bring to the table. From security matters to user experience improvements, 3D Secure ties it all together. Key benefits the protocol provides are the following:

3DS v2.1 Overview

Since the previous 3D Secure v1.0, there had been a lot of changes in the online payments industry. One of those major changes was extending to mobile apps and securing mobile payments, impacting both security and user experience positively. Secondly, since mobile emerged as one of the alternative online payment channels, alternative authentication methods, which are becoming today's standard, were introduced. We're talking about supported biometric authentication, which provides a high level of security without tampering with user experience during the checkout process.

Following, 3D Secure v2.1 collects ten times more data than the previous version, allowing issuers to conduct a more precise risk analysis, resulting in fewer step-ups and false declines. A new feature introduced in this version enables Merchant-Initiated Transactions, such as subscriptions. The first payment requires SCA, but the following identical payments do not. One of the essential upgrades revolves around the PSD2 SCA requirement, making the 3D Secure v2.1 a fully compliant solution.

3DS v2.2 Overview

3D Secure v2.2 includes all features provided in the v2.1 upgrade, plus some extra benefits. Supported SCA exemption flags allow for a more flexible approach. This is thanks to enhanced risk analysis which resulted in low-value payment exemptions as well as merchant whitelisting. The cardholder is in control when it comes to choosing the authentication method they want to apply during checkout. It makes the solution more user-friendly and the authentication process straightforward. Moreover, decoupled authentication introduced in this version allows authenticating the transaction at a time different from when the transaction occurred, which comes in handy in scenarios such as recurring payments or split shipments. Another feature included in the v2.2 is delegated authentication, which means that issuers can enable third parties (merchants, acquirers, etc.) to conduct the authentication on their end. This method eliminates unnecessary friction and provides a better customer experience.

To sum up

A considerable leap happened between 3D Secure 1 and 3D Secure 2, influenced by the fast-moving global digitalization, demanding more security and less friction. New versions of the 3D Secure protocol successfully overcame all of the obstacles 3D Secure 1 encountered. They are compliant, flexible, secure, and user-friendly.

If you want to find out more, contact our Asseco 3D Secure Team at [email protected] or download the datasheet.

download datasheet
Request Trial

Interested in TriDES2?

Subscribe to our newsletter
clouddownload linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram