Fraud is a top concern for business owners and shoppers alike. Unfortunately, as ecommerce grows, instances of fraud also increase. As a result, the industry is constantly looking for ways to tighten security measures and protect sensitive payment information.
3DS1 and 3DS2 are variations of the 3D Secure protocol, which can help fight fraud. At first glance, it may simply seem like 3DS2 is just the newer version of 3DS1, but the two protocols are actually extremely different. Here’s what you need to know.
What Is 3D Secure and Why Is It Important?
3D Secure, or 3-Domain Secure, is an authentication protocol that requires customers to take part in an additional verification step during checkout to reduce fraud. You may also know this security standard by its branded names, like American Express SafeKey, Visa Secure, and Mastercard Identity Check.
3D Secure adds a vital layer of protection for online payments. It allows customers to confirm their identity on multiple levels, therefore helping to avoid fraudulent transactions.
Plus, only certain transactions require this security protocol. Payment systems will trigger it when a transaction meets certain criteria, set by the credit card companies, like transaction size or location. That means that it won’t negatively impact the user experience in most cases.
3D Secure 1 vs. 3D Secure 2: Key Differences to Know About
3D Secure 1 is the first iteration of 3D Secure and came out in 2001. When a shopper enters their payment details to make a purchase, 3DS1 redirects them to an authentication page that asks for a password or code to approve the purchase. This second page is co-branded by a card network, so it feels fairly secure.
3DS1 has some drawbacks that could cause you to lose sales. The added step creates friction during the checkout process and some customers find the pop-up to appear untrustworthy. Lastly, some banks require cardholders to create passwords for 3DS1, which are easily forgotten and can add even more friction.
Unlike 3DS1, 3DS2 allows payment systems to send more data elements during a transaction to the shopper’s bank to confirm their identity. This includes shipping addresses, previous transaction history, and more.
The bank can then determine the likelihood that the shopper is legitimate, assess the risk level of a transaction, and choose an appropriate course of action. The 3DS2 process allows banks to offer “frictionless” flows to customers with lower risk levels and only forces high-risk transactions through “challenge” flows.
How Does 3D Secure 2.0 Work?
When a customer makes a purchase, your payment system sends their data to their bank. If the information provides enough assurance that the real cardholder is making the purchase, the bank allows for the transaction to go through a “frictionless” flow. The bank can authenticate the transaction without more information from the cardholder.
However, if the bank determines that it needs more proof of identity, the system sends the transaction through a “challenge” flow, in which the customer must provide more input. The customer must confirm their identity by entering a code sent to their phone or by signing into their banking app with a fingerprint or facial recognition.
What Are the Benefits of Using 3D Secure 2.0?
3DS2 provides two-layer authentication, which helps to avoid fraud. By collecting additional information, you can ensure you’re making a sale to a legitimate customer. Having 3DS2 in place also allows you to avoid chargeback fees and place liability with banks. In this way, 3DS2 can help you save money and improve your reputation amongst customers.
The other key benefit is a frictionless transaction for customers. 3DS1 would sometimes result in cart abandonment due to lengthy, complicated checkout processes. Meanwhile, 3DS2 makes it easy to share data, including biometric information, so that fewer customers must go through the challenge flow.
Plus, 3DS2 embeds the challenge flow within a web browser or mobile checkout. That means the full-page pop-ups of 3DS1 are no longer necessary, providing a better user experience for customers.
All major credit card brands stopped supporting 3DS1 in October 2022. To continue using 3D Secure, you must move on to 3DS2. 3DS2 is also the primary card authentication method that you can use to meet SCA (Strong Customer Authentication) requirements in Europe.
How Can You Implement 3D Secure 2.0 in Your Business?
Pay.com’s first priority as a payment service provider is making payments easy and secure for customers and businesses. That’s why we support 3DS2 to ensure you avoid fraudulent transactions and chargeback fees.
We also tokenize all credit card details in transit. That means in the extremely unlikely event that a hacker did get into our servers, there would be no credit card details stored for them to steal.
Plus, Pay.com has Level 1 PCI DSS compliance, which is the highest level. You can display the PCI DSS logo on your checkout page so customers know that your business prioritizes their security.
Safety features aside, Pay.com provides a powerful, flexible payment solution. Your developers can use Pay.com’s API to embed hosted payment fields into your website or application. Add a variety of payment methods with a single integration. You’ll also get access to the Pay Dashboard, where you can track payments and review in-depth reports and analytics.
Click here to get started with Pay.com now!
The Bottom Line
Providing secure transactions is key to maintaining a happy customer base. 3DS2 is one way to do that, as it allows you to use 2-layer authentication. It also provides some much-needed updates from 3DS1, including a smoother user experience and advanced data delivery to banks, allowing for authentication to happen without affecting the checkout process.
Plus, 3DS2 can even occur on your website or app, rather than taking the customer to another page. With frictionless, secure transactions, everyone wins. If you want to build trust with your customers and support 3DS2, make the switch to Pay.com. We take care of all the payment-related work behind the scenes so you don’t have to.