3D Secure is up and running since 2001 when VISA came up with an interoperable protocol in order to authenticate Card-Not-Present (CNP) online payments. After more than a decade, EMVCo has taken ownership of the 3D Secure protocol from VISA and designed the second generation of 3D Secure, EMV3DS, or better known as 3D Secure v2. Since adoption to EMV 3DS1 took longer than expected, the end of support for 3D Secure v1 was recently prolonged from December 2020 to October 2022.

This will cause two additional years of possible headaches for issuing banks, knowing that those two protocols coexist independently and demand separate infrastructures. Most of the Access Control Server (ACS) software providers have built a new ACS compatible with 3DS2, so issuing banks are mostly turning to ACSs for the next two years.

Cardholder Confusion

Running two ACSs is not the most critical point, even though it makes additional operational costs for issuers. One card can be enrolled (in fact, it should be enrolled according to MC/VISA suggestions) on both 3DS platforms. This is necessary for supporting authentication on the merchant side in cases when the merchant has not upgraded to 3DS2. Statistics show that most non-EU merchants did not upgrade to 3DS2.

3DS2 offers a much broader set of functionalities and authentication methods (e.g., push notification, Risk-Based Authentication, frictionless authentication, Merchant Whitelist, etc.), which is the result of efforts put into providing the cardholder with the best User Experience possible. All of the mentioned features were not supported in 3D Secure v1, which means that buyers might encounter a very different user experience when purchasing from different merchants (the ones which upgraded to 3DS2, and those that did not).

Deploy ''frictionless like'' Authentication on 3DS1

3D Secure solutions, which have a modular architecture (ACS core, Authentication Service, Risk Scoring Service built as separate but interoperable modules), enables integration of those modules with 3DS1 platform as well, i.e., ACS that runs 3D Secure v1. This architecture brings two significant enhancements for buyers:

Knowing that adoption of 3DS1 was not well received by the cardholders because of poor User Experience, in the following two years of the transition period, cardholders will be able to process more frictionless transactions, and thus, transaction abandonment rates will be reduced.

Know Your Customer (better)

As mentioned above, the most notable User Experience benefit of 3D Secure v2 is Risk-Based Authentication and frictionless flow enabled by transaction risk analysis. Transaction risk assessment is based on the cardholder's transaction history and previously created a behavioral profile. In case of any deviations which are not aligned with the cardholder profile, the issuer will require Strong Customer Authentication in order to be sure of the cardholder's authenticity.

Separation of 3DS1 and 3DS2 transactions in situations where a significant number of transactions is still in 3DS1 means that the customer profile in 3DS2 is not completed, due to the fact that behavioral data is not jet evaluated. To override this issue, issuers can deploy a single risk scoring service for both ACS1 and ACS2 to complete the buyers' profile and make a more precise risk assessment.

Having two coexisting 3D Secure protocols is not an easy task to handle on the issuer side, but there are solutions that help overcome this challenge. Technical issues are being handled with a modular architecture, allowing issuers to adapt to any protocol being used to successfully process a given transaction, whether it is protected with 3DS1 or 3DS2. The most notable challenge is to ensure a smooth and uniform user experience in both cases, making the cardholders confident in the security of their online purchases. Different experiences during checkout might make the buyers wary during the processing of online payments, possibly causing cart abandonment rates to soar.


For more information, contact our team at [email protected] to get a free, zero-obligation consultation or try our DEMO to see 3D Secure in action.


Interested in TriDES2?

Subscribe to our newsletter
© Asseco South Eastern Europe 2021. All rights reserved
download linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram