Online payments have been around for quite a while but the last year, marked with the ongoing Covid-19 pandemic, caused a big spike in the number of stakeholders who went online as well as in revenue obtained by selling online. For reference, Office for National Statistics states that online sales in the UK accounted for 35,2% of all retail in January 2021.
A 2021 report from Retail Economics and Natwest reports that 46% of UK consumers bought goods and services online that they, prior to the pandemic, only ever purchased online. What makes this a new trend is the fact that 32% of consumers state that they plan to continue with their new shopping habits in the future.
Such numbers pose new opportunities as well as threats. As more and more people turn online to purchase goods and services in the comfort of their homes, those with ill intentions do not waste time. Security questions regarding online payments have popped up, and that is where 3D Secure steps in. In order to provide ultimate security in the online payments ecosystem, EMVCo's specification reflected on current and future market trends to support security, performance, and user experience.
Issuers are still on the fence when it comes to adopting new 3D Secure versions, but there is no doubt about the benefits they bring to the table. From security matters to user experience improvements, 3D Secure ties it all together. Key benefits the protocol provides are the following:
Since the previous 3D Secure v1.0, there had been a lot of changes in the online payments industry, demanding more significant improvements. One of those major changes was extending to mobile apps and securing mobile payments, impacting both security and user experience positively. Secondly, since mobile emerged as one of the alternative online payment channels, alternative authentication methods, which are becoming today's standard, were introduced. We're talking about supported biometric authentication, which provides a high level of security without tampering with user experience during the checkout process. Following, 3D Secure v2.1 collects ten times more data than the previous version, allowing issuers to conduct a more precise risk analysis, resulting in fewer step-ups and false declines. A new feature introduced in this version enables Merchant-Initiated Transactions, such as subscriptions. The first payment requires SCA, but the following identical payments do not. One of the most essential upgrades revolves around the PSD2 SCA requirement, making the 3D Secure v2.1 a fully compliant solution.
3D Secure v2.2 includes all features provided in the v2.1 upgrade, plus some extra benefits which make the solution even more adaptable. Supported SCA exemption flags allow for a more flexible approach, thanks to enhanced risk analysis which resulted in low-value payment exemptions as well as merchant whitelisting. The cardholder is in control when it comes to choosing the authentication method they want to apply during check out, making the solution more user-friendly and the authentication process straightforward. Moreover, decoupled authentication introduced in this version allows authenticating the transaction at a time different from when the transaction occurred, which comes in handy in scenarios such as recurring payments or split shipments. Another feature included in the v2.2 is delegated authentication, which means that issuers can enable third parties (merchants, acquirers, etc.) to conduct the authentication on their end. This method eliminates unnecessary friction and provides a better customer experience.
A considerable leap happened between 3D Secure 1 and 3D Secure 2, influenced by the fast-moving global digitalization, demanding more security and less friction. New versions of the 3D Secure protocol successfully overcame all of the obstacles 3D Secure 1 encountered, making the solution compliant, flexible, secure, and user-friendly.