UK and Europe be ready to have more secured payment processes . Learn what is 3-D Secure 2.0 and Payment Service Directive 2

UK and Europe be ready to have more secured payment processes . Learn what is 3D Secure 2.0 ?  Payment Service Directive 2 and Strong Custom...

UK and Europe be ready to have more secured payment processes . Learn what is 3D Secure 2.0 ?  Payment Service Directive 2 and Strong Customer Authentication.

UK and Europe regions are going to see a huge difference in the way they make payments. UK citizens can expect the changes fully implemented across UK by March 2021 and Europe by December 2020.  We believe many of the common people have no idea on how the security is implemented for them to take care of their payment processes done at a store or online.  

There are some simple common security procedures instructed by banks or financial institutions to their customers while using their credit/ debit cards , bank accounts and they are like :

1. Never tell your password and account details to anyone over phone, online , text message or directly. 
2. Never share your account login details online to any person.
3. Use customized / strong passwords which you can remember, rather than a simple and easy to predict kind of passwords.
4. Use second factor authentication process if available. 
5. May be few more procedures might be instructed depending on the region where you live .

Apart from above, one has to know standards prescribed in this new generation for password creation, usually the standards can be as follows :  

1. Password Policy - Read here
2. Password creation process from Stanford - Read here  (understand the logic on how to create a strong password , do not use same 4 words mentioned in the given link)

Apart from the above easy to understand details , if you like to know more on how payments are secured go ahead and read below.

To safe guard our payment processes and transactions done across various platforms like POC machine or online via payment page or via eWallets .. you should have knowledge about 3DS  and below are the details on it.

EMV 3-D Secure Three-Domain Secure (3DS) is a messaging protocol developed by EMVCo to enable consumers to authenticate themselves with their card issuer when making card-not-present (CNP) e-commerce purchases. The additional security layer helps prevent unauthorized CNP (Card not present transaction) transactions and protects the merchant from CNP exposure to fraud. The three domains consist of the merchant/acquirer domain, issuer domain, and the Payment Systems.

EMV originally stood for "Europay, Mastercard, and Visa", the three companies that created the standard and are now managed by EMVCo, a consortium of financial companies. The most widely known chips of the EMV standard are: 

  • VIS – Visa
  • Mastercard chip – Mastercard
  • AEIPS – American Express
  • UICS – China Union Pay
  • J Smart – JCB
  • D-PAS – Discover/Diners Club International.
  • Rupay – NPCI
  • Verve

Visa and Mastercard have also developed standards for using EMV cards in devices to support (CNP) card not present transactions over the telephone and Internet. Mastercard has the Chip Authentication Program (CAP) for secure e-commerce. Its implementation is known as EMV-CAP and supports a number of modes. Visa has the Dynamic Passcode Authentication (DPA) scheme, which is their implementation of CAP using different default values.

In February 2010, computer scientists from Cambridge University demonstrated that an implementation of EMV PIN entry is vulnerable to a man-in-the-middle attack but only implementations where the PIN was validated offline were vulnerable.

Hence 3D Secure xml based protocol over SSL connections with client authentication was introduced to avoid online frauds. It has been years passed and payment systems have changed a lot to support payment services across multiple devices. With respect to support and improve security on online payments, In 2013 ECB - European Central Bank requested for strong customer authentication.  Hence an updated payment services directive was introduced [PSD2 SCA] and made it a requirement. 

PSD2 SCA: Payment Service Direct 2 and Strong Customer Authentication, next generation 3D Secure Protocol : 3D Secure 2.0 .  In 2016, Visa criticized the proposal of making strong customer authentication mandatory, on the grounds that it could make online payments more difficult, and thus hurt conversion rates / sales at online retailers.

Better intelligence on 3D Secure 2.0: 

3D Secure 2.0 delivers 10 times more data such as device channel, payment history , than a preivous version to speed up authentication and boost security, giving shoppers a fast pass through checkout. 

By Visa

Most European countries, starting 14 September 2019, will be using SCA solution for all digital transactions, as part of PSD2. All digital transactions will require 2-Factor Authentication under the new PSD2 regulations. Moreover all card issuers and merchants/acquirers must support an SCA solution, which requires two of the three types of identification listed below.


These are the 30 countries that will be complying with the PSD2 SCA requirement in next 1 year from now: 

  • Austria 
  • Belgium 
  • Bulgaria 
  • Czech Republic 
  • Cyprus 
  • Denmark
  • Estonia 
  • Finland 
  • France 
  • Germany 
  • Greece 
  • Hungary 
  • Iceland 
  • Ireland 
  • Italy 
  • Latvia 
  • Liechtenstein 
  • Lithuania 
  • Luxembourg 
  • Malta 
  • Netherlands 
  • Norway 
  • Poland 
  • Portugal 
  • Romania 
  • Slovakia 
  • Slovenia 
  • Spain 
  • Sweden 
  • United Kingdom
The Reserve Bank of India mandates strong authentication for online transactions. Bulletin  , Reference 1  , Reference 2   and are already implemented.

Architecture of 3D Secure 2.0 protocol:

By Visa

Architecture of 3D Secure protocol:
By GPayments
When 3D Secure protocol was enabled, the conversion rates effected for most of the countries and below is an analysis on few:
By Fibonatix

Benefits of 3D Secure 2.0:

By Visa

Let us see how 3-D Secure 2.0 would effect conversion rates in the coming days.

Most of the information is taken from Visa to make sure the readers are confident enough to understand the process , make themselves ready for the new security standard to follow during payment process.

You Might Also Like



Flickr Images