3-D Secure 2.0, also known as 3DS2, is an authentication protocol designed to enhance the security of online card payments. It is an upgraded version of the original 3-D Secure (3DS) protocol, which was primarily used for verifying the identity of cardholders during e-commerce transactions.
The main purpose of 3DS2 is to reduce fraud and provide a better user experience compared to its predecessor. It incorporates advanced authentication methods and risk-based decision-making to offer a more seamless and secure payment process.
Here’s how 3-D Secure 2.0 works:
- Initiation: When a cardholder initiates an online payment on a merchant’s website or app, the transaction details are sent to the merchant’s payment gateway.
- Risk assessment: The payment gateway performs a risk assessment using various data points, such as transaction amount, customer information, and purchase history, to determine the level of risk associated with the transaction.
- Authentication request: Based on the risk assessment, the payment gateway decides whether or not to proceed with authentication. If authentication is required, the payment gateway sends an authentication request to the cardholder’s issuing bank.
- Secure authentication: The issuing bank receives the authentication request and evaluates it using its own risk analysis tools. Depending on the risk level, the bank may request additional authentication or proceed with a frictionless authentication flow.
- Frictionless flow: In many cases, the authentication process can be completed without any user interaction. The issuing bank may use various data elements, such as the customer’s device information or behavioral patterns, to authenticate the transaction behind the scenes.
- Step-up authentication: If the risk level is high or additional verification is needed, the issuing bank may trigger a step-up authentication. This requires the cardholder to provide additional information, such as a one-time password (OTP) sent to their registered mobile number, or to complete biometric authentication.
- Authentication response: Once the authentication process is complete, the issuing bank sends an authentication response to the payment gateway, indicating whether the transaction was successfully authenticated or not.
- Payment authorization: Based on the authentication response, the payment gateway decides whether to proceed with the transaction. If the authentication is successful, the payment gateway authorizes the payment, and the funds are transferred from the cardholder’s account to the merchant’s account.
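The steps above, modelled as a small decision flow. This is an added example, not code from any 3DS2 implementation: the score weights, thresholds, status strings and function names are all constructed for illustration, and the gateway and issuer share one toy risk score for brevity.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed thresholds; real gateways and issuers use their own risk models.
GATEWAY_AUTH_THRESHOLD = 20
ISSUER_STEP_UP_THRESHOLD = 50

@dataclass
class Txn:
    amount: float          # transaction amount
    known_device: bool     # device previously seen for this cardholder
    prior_purchases: int   # purchase history with this merchant

def risk_score(t: Txn) -> int:
    """Constructed additive score over the data points; higher is riskier."""
    score = 40 if t.amount > 500 else 0
    score += 0 if t.known_device else 35
    score += 25 if t.prior_purchases == 0 else 0
    return score

def issuer_authenticate(t: Txn, otp_ok: Optional[bool]) -> tuple:
    """Issuer side. otp_ok is None when the cardholder never answers."""
    if risk_score(t) < ISSUER_STEP_UP_THRESHOLD:
        return "frictionless", "authenticated"
    if otp_ok is None:
        return "step_up", "challenge_abandoned"
    return "step_up", ("authenticated" if otp_ok else "failed")

def gateway_decide(auth_status: str) -> bool:
    """Proceed to authorization only on explicit success (fail closed)."""
    return auth_status == "authenticated"

def process_payment(t: Txn, otp_ok: Optional[bool] = None) -> dict:
    """Run the steps in order and report which path the transaction took."""
    if risk_score(t) < GATEWAY_AUTH_THRESHOLD:
        # Gateway decided not to request authentication at all.
        return {"flow": "no_authentication", "status": None, "authorized": True}
    flow, status = issuer_authenticate(t, otp_ok)
    return {"flow": flow, "status": status, "authorized": gateway_decide(status)}

if __name__ == "__main__":
    for txn, otp in [(Txn(30, True, 5), None), (Txn(30, True, 0), None),
                     (Txn(900, False, 0), True), (Txn(900, False, 0), None)]:
        print(txn, otp, process_payment(txn, otp))
```

An abandoned or failed challenge, or any status the gateway does not recognise, never reaches authorization because `gateway_decide` accepts only the explicit success value.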
The key improvement in 3-D Secure 2.0 is the ability to share more detailed transaction data between the merchant, issuing bank, and payment gateway. This allows for more accurate risk assessment, reduces false positives, and enables a smoother user experience with fewer authentication prompts for low-risk transactions.
Overall, 3-D Secure 2.0 aims to strike a balance between strong security measures and a seamless online shopping experience, reducing fraud while minimizing customer friction during the payment process.