3-D Secure – tackling key challenges and anticipating oncoming developments

Which have been the key factors with an impact on the journey from 3DS1 to 3DS2? 

When 3DS was first introduced, back in 1999, it was not a highly adaptable solution simply because technologies that are commonplace today had not yet been invented. 

After the mobile revolution, the static password issue was tackled by implementing one-time passwords or OTPs. EMVCo collected all the data on transactions and started reading out the patterns in them – which transaction is fraudulent and which transaction is not, or which transactions are more prone to chargebacks. They devised an upgraded version of 3DS: 3-D Secure 2.0 or 3DS2. 

Since Visa and Mastercard, or a customer’s respective card scheme, have the data they can easily make the decision on whether to let a transaction go through or not (without the need of an identity check). This represents a major improvement from 3DS1. New ways for authenticating identity were also introduced, such as biometrics, focusing mainly on mobile phones. The use of biometrics eliminates the need for even an OTP, making it another major add-on in 3DS2. 

Can you elaborate on some of the main challenges with 3DS2 after it went into effect as of January 2021? 

The biggest challenge with 3DS2 has been knowledge sharing. The merchants and the customers, especially, were not well informed about the changes that needed to be made. Merchants and banks were given till the end of 2020 to comply with 3DS2 or risk potential fines. 

It is noteworthy that apart from the knowledge sharing, the banks were also not ready for 3DS2 implementation. Initially, we saw many large banks failing transactions because they were not supporting the 3DS version 2 flow while Visa and Mastercard were mandating it. Eventually, the big banks were able to provide an acceptable implementation of 3DS2 via their app or website, but the small banks were not able to keep up. This situation even extended to whole countries since some of them were mandating 3DS2, while some were not. So, for merchants, especially global merchants, it became very hard to keep up with the local compliance and implementation of 3DS2. 

What can we anticipate from the 3DS developments in the future? 

While it has definitely improved in larger countries across Europe, it seems to remain a challenge in smaller countries. So, the problem is still persistent – 3DS2 has not been implemented properly across all banks and merchants. 

As far as the future of 3DS is concerned, SCA was a setback for card transactions. 3DS2 only acts as a tool to comply with SCA if the percentage of frictionless transactions is high, which is not the case currently. In the near future, EMVCo will need to make sure everyone is informed and prepared for 3DS2. Merchants need to provide enough data to EMVCo in order to increase frictionless transactions, as was the initial idea, otherwise other transaction methods, like open banking, will gain advantage over card transactions as they bring less friction to the payment process. Hence, more data (together with better implementation) is imperative for the future of 3DS2. 

What are the solutions that WLPayments can offer when it comes to challenges specific to 3DS2? 

The first problem was the lack of knowledge with the user. Since the banks were not providing the clients with relevant information, we needed to make sure that we have all the information available on the payment page itself. We provide the necessary details right alongside the portion of the page where the bank will ask for the password. This is how we prepare the customers for 3DS2. 

The next problem was the implementation of 3DS2 by the banks. While some banks were able to comply, some were not. In response to this, we developed a feature called ‘Flex 3DS’. For the banks that are not able to handle 3DS2, we receive an SCA error indicating that SCA has not been performed successfully for a particular transaction. When we receive such an error, we retry with 3DS1 for the same bank. So, while a bank might not support 3DS2, it has to support 3DS1 plainly because it has been in the game for a long time. 

The third problem was handling the phased release. Transactions above a certain amount have to go through 3DS2 because of the local mandate. However, in the case of transactions below the amount value, they do not need to be processed via 3DS2. Our solution to this is that we provide 3DS routing. 3DS routing allows merchants to decide upon their own 3DS2 strategy and implement it. Namely, merchants can choose which transactions they want to pass on to 3DS2 and 3DS1 (or even no 3DS). This feature routes transactions to the most efficient authentication protocol, taking into account exemptions, local mandates, and other valuable information. 

About Sunil Jhamb 

Sunil Jhamb is the CEO and Founder of WLPayments, a trusted white-label global payments platform. With over 20 years’ experience in consulting and sales, Sunil is an authority on international payments. Before this, Sunil founded Newgen Payments and worked at GlobalCollect as the director of global planning and strategy – developing corporate strategies and driving revenue opportunities globally. 

About WLPayments 

WLPayments offers a white-label payment gateway platform with secure plug-and-play fintech solutions for ISOs, PSPs, acquirers, banks, and online merchants. Our advanced orchestration of payments is integrated into a single-layered architecture with many innovative features, such as Intelligent Transaction Routing, Automated Reconciliation, and Smart Retries.