VISA introduced 3D Secure (3DS) back in 2001 to provide merchants and issuers a way to authenticate the cardholder for eCommerce payments. EMVCo, in collaboration with Visa and industry stakeholders, updated the standard, which is referred to as 3D Secure 2.0 (3DS 2.0). EMVCo released the specification in October 2016, with an updated version, 2.1.0, published in October 2017, and version 2.2.0 published in December 2018.
When EMVCo initially introduced 3D Secure 2.0, it was announced that 3D Secure is in the phase-out stage and will no longer be supported after 31.12.2020.
In the same timeline, PSD2 was introduced, demanding Strong Customer Authentication, Transaction Dynamic Linking, Transaction Risk Analysis with SCA exemption, applied at all electronic payment channels. 3D Secure 2.0 and the newest releases have covered those PSD2 requirements and ensured that issuers, acquirers, and merchants that deploy 3D Secure are fully compliant with PSD2 on eCommerce and mobile payment channels.
However, only the EU region is in the scope of PSD2, meaning that non-EU countries, issuers, and merchants are not obliged to follow PSD2. That is the reason why 3D Secure has much lower adoption outside of the EU. The card scheme also left possibilities for many regions to have 3D Secure 2.0 migration prolonged.
There were rumors that the initial 3DS1 phase-out date announced by EMVCo will be prolonged for a long time, but without information for how long. Finally, MasterCard issued the announcement AN 3391 Mastercard Customer Roadmap to Transition from 3DS 1.0 to EMV 3DS (2.0), where 14 October 2022 is communicated as the end of support for 3DS1 at lease MC Identity Check program. So far, there is no announcement from VISA.
Prolongation of the transition period is causing headaches for issuers who need to manage two independent ACS systems and buyers who will face different user experiences for the next two years. Buyers are getting familiar with frictionless transactions, and they welcome it, but frictionless transactions are standardly applied only to 3DS2.
To unify buyer user experience and reduce cart abandonment rate in check out with 3DS1 authentication, with proper Risk Scoring solution, issuers can adopt Risk Scoring to 3DS1 as well. To ensure efficient Risk Scoring and improve UX, the best option is to use a single Risk Scoring solution for ACS1 and ACS2. With Asseco 3DS Risk Scoring module, issuers can integrate both ACS1 and ACS2 services, and with appropriate risk scenarios, grant frictionless transactions for 3DS1 checkout. This will improve UX on all eCommerce and mobile merchants who are outside of the EU and are not obliged to support 3DS2 in the transition period.
To get more insight, we also handpicked the following articles regarding the transition: