Anyone familiar with 3-D Secure will know that the transition period to implement Strong Customer Authentication (SCA) under PSD2 ended on 31 December 2020. With effect from 1 January 2021, the directive was enforced in the European Economic Area (EEA), with more countries outside of EEA to follow. This trend to adopt the highest level of payment security is being reflected globally, with an increasing number of merchants and service providers seeking to provide a secure and seamless experience for their customers during the checkout process. More recently, in October 2022, all major card schemes discontinued support for 3-DSecure version 1 and are now only running the 3-D Secure version 2. Therefore, all online transactions must be authenticated using 3-D Secure version 2.
Aside from reducing fraud, shifting liability, and improving the security of online transactions, the primary benefit of implementing 3-D Secure version 2 is introducing less disruptive authentications resulting in an overall improved experience for the cardholders. Thereby, cardholders can expect more frictionless checkouts without requiring them to authenticate for each transaction. This is mainly done by sending more data elements to the card issuers during the authentication process to assess the risk level of the transaction but also by applying merchant-specific exemptions, such as requesting an exemption as a trusted merchant. Both result in an increased number of transactions that can be authenticated without further cardholder interaction being required.
To turn 3-D Secure 2 into a competitive advantage, it is crucial to keep up to date with all the latest developments in 3DS. Particularly for merchants and service providers collaborating with multiple payment gateways, orchestrators or third parties who often face restrictions with providers that run different versions or do not support exemptions or specific card brands.
Unlike relying on different providers to control 3DS, having an independent and standalone 3DS layer that sits on top of payment gateways ensures you retain complete control over authentication flows. This also means merchants and service providers can control exemptions and are more likely to deliver a frictionless payment experience for their customers. This is mainly done by decoupling the3-D Secure authentication procedure from the payment authorization and settlement, commonly known as Authentication-Only.
Authentication-Only allows merchants and service providers to authenticate transactions applying their own rules and then send the authentication data along with the rest of the payment information to their payment gateways or third parties with complete flexibility. The subsequent authorizations are then handled as 3-D Secure transactions as usual. This significantly streamlines the payment process and puts those merchants and service providers leveraging a standalone 3DS approach at a strategic advantage.
As regulations around 3DS become tighter, and customers worldwide expect a unified, secure payment journey, the merchants and service providers who embrace best-in-class 3DS practices will set themselves up to thrive. Thankfully, help is at hand. Providers such as Stripe, Adyen, and Planet’s PCI Proxy invested early in flexible authentication workarounds such as Authentication-Only. PCI Proxy handles millions of 3-D Secure authentications for leading organizations around the globe each month. It supports all major card schemes, including Visa, Mastercard, American Express, Diners Club, Discover, Union Pay, JCB, Dankort and Carte Bancaires through various integration options.
Ready to dive into the technical bit? You can read our developer docs on integrations and APIs to process 3-D Secure authentications here or contact our team if you have any questions on this article.