3D Secure 2.0 (3DS2) Authentication

EMV® 3D Secure 2.0 (3DS2) is an authentication protocol for online credit card transactions. 3DS2 is designed to reduce fraud and increase security of online credit card transactions.

What is 3DS2?

EMVCo, the creators of the 3D Secure standards has published the following helpful video explaining 3D Secure authentication works:

What is PSD2?

The Revised Payment Services Directive (PSD2) is the latest version of the Payment Services Directive, a European regulation requiring strong customer authentication (SCA) to make online payments in the European Economic Area (EEA) more secure.

PSD2 is for banks, not for merchants. This means that to comply with the law in their home country, issuing banks must refuse non-compliant transactions. To avoid the risk of issuing banks refusing your transactions, you as a merchant need to ensure that your transactions comply with PSD2 SCA regulations.

PSD2 Compliance

The Payment Services Directive 2 (PSD2) is a European regulation aimed at creating a more integrated and secure European payments market. One of its key elements is Strong Customer Authentication (SCA), which mandates two-factor authentication for online payments to reduce fraud. Merchants failing to comply with SCA requirements could face higher decline rates and potentially hefty fines.

To meet SCA requirements under PSD2, 3D Secure 2 (3DS2) serves as a convenient and effective solution. 3DS2 is designed to offer secure and streamlined authentication through real-time, risk-based analysis. By adopting 3DS2 protocols for online transactions, merchants not only comply with the stringent SCA mandates but also benefit from a reduced risk of fraud and chargebacks. This makes 3DS2 a valuable tool for businesses looking to adapt to the changing regulatory landscape while improving transaction security and customer experience.

Card Brand Support for 3DS2 Authentication

Visa's 3-D Secure 2 (3DS2) is the updated version of the 3D Secure authentication standard, designed to enhance security for online card transactions. It introduces a more secure and streamlined user experience by leveraging real-time, risk-based authentication. The new 3DS2 standard aims to combat fraud more effectively while minimizing cart abandonment issues that plagued its predecessor. Notably, 3DS2 supports mobile applications and enables the sharing of more transaction data between merchants and issuers for better risk assessment.

MasterCard's equivalent is called Identity Check, also based on the 3DS2 standard. It similarly offers a modernized, mobile-friendly user authentication experience, incorporating biometrics and SMS one-time passwords among its multiple authentication methods. Discover's ProtectBuy and American Express' SafeKey are the respective 3DS2 solutions from these card networks, each focusing on robust, real-time risk assessment and secure customer authentication, albeit with some differences in implementation and merchant adoption.