After heading the EMV initiative, EMVCo saw the need for a verification protocol on card-not-present transactions. As a result, EMVCo created 3-D secure, a messaging protocol that allows cardholders to verify themselves during card-not-present transactions.
Adding layers of verification for CNP transactions helps protect consumers from fraudulent charges on their cards. In addition, verification protocols assist in the prevention of chargebacks for businesses. Therefore, the EMV 3-D Secure initiative helps protect both the consumer and business owner.
What is 3-D Secure authentication?
Traditional 3-D Secure has been around for a little over a decade. 3-D secure relies on a the consumer to verify their identity with a static password on an external page or pop-up.
Possible issues with this protocol include the user:
- Having pop-up blocker enabled and not being able to access the verification module
- Forgetting their passcode & dropping off from the payment flow as a result
Both issues add friction to the check-out process and can lead to shopping cart abandonment. As a result, many companies sacrifice the security benefits of 3-D security for a more streamlined process.
In other words, businesses have not used 3-D Secure payment solutions because it lessens their conversion rate. Unfortunately, by doing so, they are liable for chargebacks, whereas 3-D Secure authentication pushes liability to the card-issuing bank.
3-D Secure vs 3-D Secure 2.0
While EMV 3-D Secure added friction to the checkout process, 3-D Secure 2.0 uses multiple data sources to determine whether or not further verification will be needed to authorize the transaction. Specifically, the new protocol connects payment solution with the issuing bank through API calls. In doing so, the bank can supply the payment solution’s risk engine with that data that can be used to determine the risk-level of the transaction.
If the risk engine determines that the data in hand is not enough to authorize a transaction, then the payment solution will require further verification.
There are few methods that 3-D Secure 2.0 supports that were not supported by 3-D Secure.
Possible verification methods include:
- Two-Factor Verification-one-time passcode or custom password
- Biometric Verification-facial/voice recognition
Another important change between 3-D Secure and 3-D Secure 2.0 is that the new solution supports in-app purchases as well as mobile transactions.
As you can see, 3-D Secure 2.0 seeks to maintain security in card-not-present transactions while decreasing friction and improving the customer experience.