3D Secure 2.0 is an improved version of the 3D Secure authentication protocol, which VISA introduced in 2001 as an interoperable three-domain solution for online card authentication. Card transactions in brick-and-mortar retail rely on chip and PIN authentication, but no comparable solution existed for eCommerce until 3D Secure stepped in.
3D Secure is an additional process that takes place before a transaction is authorized. It is deployed across three domains:
1. Merchant: The seller that requires payment.
2. Customer: The Card owner and purchaser of goods.
3. Interoperability: Card scheme (Visa, MC, Amex, Diners, JCB, etc.)
For a number of years, eCommerce and other online payment systems have proven lucrative and have presented constantly growing business opportunities, accompanied by an ever-present and rising threat of online fraud and theft.
The figures below (via eMarketer) compare online sales as an annual percentage of total sales, brick-and-mortar retailers included, along with the annual change within this sector and its growth from 2017 until the projected year 2023.
The data shows that the global eCommerce market had sales reaching $3.5 trillion by the end of 2019 and represented 14% of the global sales figures. Projections show that eCommerce sales will reach 22% of global retail figures by 2023, with total sales reaching around $6.5 trillion.
Given the ever-growing trend in eCommerce, security issues had to be addressed, and significant changes to the authentication process were implemented. Static passwords were deemed untrustworthy and replaced by dynamic passwords and biometrics. This resulted in an improved user experience for both merchants and cardholders, as well as more secure online payment processes.
Main changes included the following:
Strong Customer Authentication (SCA) came into play as a PSD2 requirement whose main goal was to reduce fraud and bring online payment security to a higher standard. Static passwords caused a variety of inconveniences for online shoppers, resulting in high cart abandonment rates. Biometric authentication (e.g., face or voice recognition), on the other hand, is not only more secure than conventional static passwords but also contributes to a smooth user experience during online checkout, which cuts down cart abandonment rates. Another method introduced in 3D Secure 2.0 is risk-based authentication, which lays the groundwork for frictionless transactions: transactions that are considered "low-risk transactions" do not require further authentication. This method is based on data from previous transactions and cardholder behavior information.
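The risk-based decision described above can be sketched as follows. This is an added example, not code from EMVCo or any card scheme; the signals, weights, threshold and sample history are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass(frozen=True)
class Txn:
    amount: float
    device_id: str
    ship_country: str

# Weights and threshold are illustrative assumptions, not values from any spec.
WEIGHTS = {"unusual_amount": 40, "new_device": 35, "new_ship_country": 25}
CHALLENGE_THRESHOLD = 30

def risk_signals(txn, history):
    """Return the names of the signals on which txn deviates from history."""
    if not history:
        # No behavioural baseline yet: fail closed by raising every signal.
        return list(WEIGHTS)
    signals = []
    amounts = [h.amount for h in history]
    # Floor the spread at 1.0 so identical past amounts do not make every
    # slightly larger purchase look anomalous.
    limit = mean(amounts) + 3 * max(pstdev(amounts), 1.0)
    if txn.amount > limit:
        signals.append("unusual_amount")
    if txn.device_id not in {h.device_id for h in history}:
        signals.append("new_device")
    if txn.ship_country not in {h.ship_country for h in history}:
        signals.append("new_ship_country")
    return signals

def decide(txn, history):
    """Return (decision, score, signals); decision is 'frictionless' or 'challenge'."""
    signals = risk_signals(txn, history)
    score = sum(WEIGHTS[s] for s in signals)
    decision = "challenge" if score >= CHALLENGE_THRESHOLD else "frictionless"
    return decision, score, signals

# Constructed sample history for one cardholder (not real data).
HISTORY = [Txn(40.0, "dev-A", "DE"), Txn(55.0, "dev-A", "DE"), Txn(35.0, "dev-A", "DE")]

if __name__ == "__main__":
    for t in (Txn(48.0, "dev-A", "DE"), Txn(48.0, "dev-B", "DE"), Txn(900.0, "dev-B", "US")):
        print(t, decide(t, HISTORY))
```

Returning the triggered signals alongside the decision keeps each challenge explainable when it is later reviewed.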
Raising security standards without degrading the user experience was a real challenge for 3D Secure 2.0. Alongside introducing new authentication methods such as biometrics, this upgrade eliminated the pop-up windows and redirects that occurred during online payment, making cardholders more confident in the security of their purchase and consequently causing cart abandonment rates to drop.
3D Secure 2.0 enables authentication on a wide variety of devices. 3D Secure transactions are now available in both application-based and browser-based solutions.
EMVCo continues to enhance the 3D Secure protocol, aligning it with eCommerce trends as well as buyers' and stakeholders' needs to ensure the best UX and ultimate security. 3D Secure v2.1 brought frictionless authentication, which resulted in a faster and more convenient checkout process. The current version is 3DS v2.2, which brought new authentication methods, such as decoupled authentication, and the Merchant Whitelist, which gives buyers additional control in managing transaction security.