Creating a Secure, Customer-Friendly Checkout with 3-D Secure 2.0 Technology
Mary Ann Felts
For an e-commerce business collecting payments online, both security and a frictionless checkout experience are top priorities when competing for online shoppers. Fraud is detrimental to merchants and consumers, resulting in chargebacks and negative associations with your brand. To mitigate the risk of fraudulent online transactions, many e-commerce sellers rely on a technology called 3-D Secure 2.0. Before we dive in, it’s important to give you some background on the original 3-D Secure 1.0 (3DS1).
A Short History Lesson on 3-D Secure 1.0
3DS1 is a security protocol developed to authenticate a shopper’s identity. It was built through a partnership between Visa and the company now known as CA Technologies (formerly Arcot). The name 3-D Secure refers to the three-domain model used to authenticate cardholder identities: the acquiring domain or bank, the issuing domain or bank, and the interoperability domain (which includes everything else, like the infrastructure, other software, the internet, and merchant plugins).
The basic idea of 3DS1 was to simultaneously authorize the transaction process and authenticate the user identity of the shopper to approve a legitimate purchase. Since online shoppers can’t enter a PIN to authenticate the transaction and no physical card is swiped, 3DS1 used data points from all the parties involved in the purchase to verify that the purchaser was actually the cardholder. For example, the technology would verify that the billing address the customer entered at checkout matched what the customer’s bank had on record.
3-D Secure 1.0 Meets Challenges
While it was meant to provide an extra layer of security for online purchases, 3DS1 was becoming outdated — like all technologies, it needed to evolve to meet demands. While 3DS1 did validate cardholder identities, this traditional authentication process was somewhat inconvenient.
With 3DS1, customers would sometimes be redirected from the seller’s site to their bank’s payment system to provide more information to verify the cardholder’s identity. The added step was necessary for additional security, but it slowed down the process and confused shoppers when they were diverted to another site. In the worst case, the shopper would abandon the purchase. And considering that the industry’s average cart abandonment rate is nearly 70%, online retailers need to do everything in their power to avoid friction.
The initial payment flow described above created an interesting paradox for e-commerce businesses who wanted to provide a secure payment process, but also needed to account for the customer’s experience with the brand.
The Surge of Mobile Payments
With the surge of mobile payments, things got a little bumpier. In addition to the disjointed customer experience, mobile shoppers were having a hard time viewing the authentication page due to the lack of responsive design. Additionally, mobile browsers were prone to compatibility issues, while slow page load times frustrated shoppers.
Enter 3-D Secure 2.0
With security and customer experience at odds with one another, a new security protocol was needed to address the inherent issues with 3DS1, as well as the challenges that arose from the advent of mobile payments. A new and improved protocol was born when EMVCo launched 3-D Secure 2.0 (3DS2).
How Does 3-D Secure 2.0 Work?
During the payment process, the payment gateway passes customer- and transaction-specific data points to the cardholder’s issuing bank. The bank can then evaluate the risk of fraud without redirects in the checkout flow that require the cardholder’s involvement. If the bank successfully verifies the customer’s identity and decides that the transaction poses a low fraud risk, it authorizes the transaction. In the unlikely event that the bank is unable to authenticate the cardholder’s identity with the provided data points, the cardholder may be prompted to enter their preset password for verification purposes.
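The decision flow described above can be sketched as a small simulation. This is an added example, not Cardknox or EMVCo code: the field names, risk rules, status strings and sample records are all assumptions made for illustration, and a real issuer applies its own risk model to EMVCo-defined messages.

```python
import hashlib
import hmac

SALT = b"demo-salt"  # constructed; a real issuer uses a random per-user salt

def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed issuer-side record: what the bank already knows about the cardholder.
ISSUER_RECORDS = {
    "4000-TEST-0001": {
        "billing_zip": "10001",
        "known_devices": {"dev-a1"},
        "usual_max_amount": 250.00,
        "password_hash": _hash("correct horse"),
    }
}

def risk_signals(record, data_points):
    """List the mismatches between the gateway's data points and issuer records."""
    signals = []
    if data_points["billing_zip"] != record["billing_zip"]:
        signals.append("billing_zip_mismatch")
    if data_points["device_id"] not in record["known_devices"]:
        signals.append("unknown_device")
    if data_points["amount"] > record["usual_max_amount"]:
        signals.append("unusual_amount")
    return signals

def authenticate(card, data_points, challenge_response=None):
    """Issuer decision: returns (status, signals)."""
    record = ISSUER_RECORDS.get(card)
    if record is None:
        return "failed", ["unknown_card"]
    signals = risk_signals(record, data_points)
    if not signals:
        return "frictionless", signals        # low risk: no cardholder involvement
    if challenge_response is None:
        return "challenge_required", signals  # step-up: ask for the preset password
    # Constant-time comparison avoids leaking how much of the hash matched.
    ok = hmac.compare_digest(_hash(challenge_response), record["password_hash"])
    return ("authenticated" if ok else "failed"), signals

def may_authorize(status):
    """Merchant side: send for authorization only after a positive outcome."""
    return status in {"frictionless", "authenticated"}
```

The merchant-side check fails closed: a pending challenge or any unrecognized status is treated as not authenticated.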
The Benefits of 3-D Secure 2.0
3DS2 embeds the authentication process and verifies cardholder identities in real-time — without the use of redirects that delay the checkout process. As a result, this updated technology reduces fraud and chargebacks without compromising customer experience. It also improves upon 3DS1 technology by collecting and cross-referencing 10x more data points during authentication than before. And by using behind-the-scenes identity verification, authentication can typically be completed without the customer’s involvement.
Furthermore, 3DS2 helps to decrease not only the number of fraudulent transactions but also the number of friendly fraud chargebacks, which arise when a customer disputes a legitimate transaction in order to get their money back.
To give you a short recap, the benefits of 3-D Secure 2.0 technology include:
- Robust, risk-based authentication that uses a greater number of data points than the original 3DS1
- Reduced friction and accelerated checkout process
- Embedded authentication process without redirects that slow down checkout
- Increased sales due to fewer abandoned shopping carts
- Reduced fraud and chargebacks
3-D Secure 2.0 is rapidly being adopted by card brands, software developers, and payment technology providers — including Cardknox. This technology is now available through a Cardknox gateway e-commerce integration, as well as with PaymentSITE, Cardknox’s customizable online payment form. Contact us today to learn more about protecting your e-commerce payments with 3-D Secure 2.0 technology!