Strong Customer Authentication with 3D Secure 2


Effortless authentication for faster checkout, improved security and increased conversions.

Strong Customer Authentication is quickly becoming the standard for online businesses. Now 3D Secure 2 brings Strong Customer Authentication to the payment card industry.

It's designed to secure all the new ways in which we pay online as well as meeting the new regulatory requirements such as PSD2 (Revised Payment Service Directive) that have been brought in to help protect consumers.

What is Strong Customer Authentication (SCA)?

SCA is the method of authenticating an individual based on at least two discrete elements of the following three categories:


POSSESSIONPOSSESSION - Something only you have. For example, your mobile device registered with your issuing bank or a hardware token that has been issued to you.

INHERENCEINHERENCE - Something only you are. For example, your fingerprint, iris scan or other form of biometric that can uniquely identify you.

KNOWLEDGEKNOWLEDGE - Something only you know. For example, a unique passphrase or identification number that is known only by you.

When deployed correctly, SCA offers an opportunity to keep user accounts safe, reducing the incidence of online identity theft or account takeover.

What is 3D Secure?

It's an authentication protocol that was designed to reduce fraud, increase customer security and reduce merchant liability to chargebacks. However, the original version of 3D Secure was designed for a ‘browser only’ ecommerce checkout experience and failed to consider the experience delivered via mobile browser and in-app payments that make up a significant proportion of ecommerce traffic today.

What is 3D Secure 2?

The 3D Secure 2 protocol was developed to meet the requirements of the modern remote payments environment, including the mobile checkout experience.

 

It introduces new authentication methods, such as biometrics, that better suit today’s customers. It also provides the possibility of a fully frictionless flow by using a more comprehensive data set to authenticate the customer without the need for their intervention. The standardised design of 3D Secure 2 across the major card schemes allows for a unified authentication solution for your ecommerce sales.

Frictionless

3D Secure 2 allows for a huge number of data points to be shared between your business and your customer’s card Issuer. Granting Issuers this vastly improved visibility of the customer and transaction details is often enough to allow them to passively authenticate and authorise payments without any impact to the customer experience.

Frictionless Authentication

Transaction, Customer and Device
data is used to passively authenticate the
cardholder behind the scenes.

Challenge

If the card Issuer decides that passive authentication is not sufficient, the authentication flow transitions seamlessly to a challenge flow and the cardholder must actively authenticate themselves. A common example would be a European transaction that is eligible for SCA under the PSD2 regulations and is not subject to a valid SCA exemption.

The details of the challenge required of the cardholder will be determined by their Issuer bank and could take the form of a One-Time Passcode (possession), Security Question (knowledge) or Fingerprint (inherence) scan.

The range of authentication options that an Issuer can make available, and the move away from static passwords will help combat drop-off while increasing security and user confidence.

 
 

Biometric Authentication

Out-of-Band authentication through an Issuer’s banking application to facilitate biometrics such as fingerprint scanning, facial recognition or voice identification.

 
 

OTP Authentication

A one-time passcode is sent by the Issuer to the customer's registered mobile number and is entered by the customer to demonstrate possession.

 
 

Knowledge-Based Authentication

Customers verify transactions by answering knowledge-based questions provided by the Issuer.