What is 3D Secure 2.0? Payment Services Directive 2 and Strong Customer Authentication
12:52:00
EMV Three-Domain Secure (3-D Secure, 3DS) is a messaging protocol developed by EMVCo to enable consumers to authenticate themselves with their card issuer when making card-not-present (CNP) e-commerce purchases. The additional security layer helps prevent unauthorized CNP transactions and protects the merchant from exposure to CNP fraud. The three domains are the merchant/acquirer domain, the issuer domain, and the payment systems.
EMV originally stood for "Europay, Mastercard, and Visa", the three companies that created the standard, which is now managed by EMVCo, a consortium of financial companies. The most widely known chips of the EMV standard are:
- VIS – Visa
- Mastercard chip – Mastercard
- AEIPS – American Express
- UICS – China Union Pay
- J Smart – JCB
- D-PAS – Discover/Diners Club International.
- Rupay – NPCI
- Verve
Visa and Mastercard have also developed standards for using EMV cards in devices to support card-not-present (CNP) transactions over the telephone and Internet. Mastercard has the Chip Authentication Program (CAP) for secure e-commerce. Its implementation is known as EMV-CAP and supports a number of modes. Visa has the Dynamic Passcode Authentication (DPA) scheme, which is its implementation of CAP using different default values.
In February 2010, computer scientists from Cambridge University demonstrated that an implementation of EMV PIN entry is vulnerable to a man-in-the-middle attack, but only implementations where the PIN was validated offline were vulnerable.
Hence 3D Secure, an XML-based protocol running over SSL connections with client authentication, was introduced to prevent online fraud. Years have passed since then, and payment systems have changed a lot to support payment services across multiple devices. To support and improve the security of online payments, in 2013 the European Central Bank (ECB) called for strong customer authentication. Hence an updated payment services directive [PSD2 SCA] was introduced, which made it a requirement.
PSD2 SCA stands for Payment Services Directive 2 and Strong Customer Authentication. The next-generation 3D Secure protocol is 3D Secure 2.0. In 2016, Visa criticized the proposal of making strong customer authentication mandatory, on the grounds that it could make online payments more difficult, and thus hurt conversion rates and sales at online retailers.
[Figure: Better intelligence on 3D Secure 2.0. By Visa]
These are the 30 countries that will be complying with the PSD2 SCA requirement:
- Austria
- Belgium
- Bulgaria
- Czech Republic
- Cyprus
- Denmark
- Estonia
- Finland
- France
- Germany
- Greece
- Hungary
- Iceland
- Ireland
- Italy
- Latvia
- Liechtenstein
- Lithuania
- Luxembourg
- Malta
- Netherlands
- Norway
- Poland
- Portugal
- Romania
- Slovakia
- Slovenia
- Spain
- Sweden
- United Kingdom
[Figure: Architecture of 3D Secure 2.0 protocol. By Visa]
[Figures: Architecture of 3D Secure protocol. By GPayments; by Fibonatix]
[Figure: Benefits of 3D Secure 2.0. By Visa]
Let us see how 3-D Secure 2.0 will affect conversion rates in the coming days.