Products

Solutions

Education & Training

Services & Support

Partners

Company

{{search ? 'Close':'Search'}}

3-D Secure: Protects e-commerce Transactions

Making online transactions safe and frictionless.

Related Videos


What is 3-D Secure?

3-D Secure is an industry standard protocol that makes online shopping transactions secure by authenticating cardholders during checkout. These are known as “card-not-present” (CNP) transactions. Many implementations of 3-D Secure invisibly verify the cardholder and only require “strong,” additional authentication if the transaction is deemed suspicious. This provides a frictionless, familiar experience for most legitimate cardholders.

You may recognize brands such as Mastercard SecureCode®, Verified by Visa, American Express SafeKey® and Discover ProtectBuy—all of which the card schemes use to identify their 3-D Secure implementations. Today, EMVCo, the global technical body that manages security specifications for chip-based payment cards, is diligently working with multiple entities (including CA Technologies) to make advancements to this protocol in efforts to modernize the authentication experience. An example of this would be including authentication flows that can handle mobile transaction and in-app purchases. 3-D Secure creates a way for the merchant, card scheme, issuer and cardholder to digitally interact to verify genuine use of a credit or debit card.

Learn more about 3-D Secure

3-D Secure was co-invented by CA (then Arcot) and Visa back in the early 2000s to protect against fraudulent e-commerce transactions. Since then, there has been wide adoption of 3-D Secure in every region; but not so much in the US. This is due to early versions of the protocol requiring customers to enter a password for every transaction. This created too much unnecessary friction in the transaction process, often causing the cardholders to abandon the transaction altogether. This problem was solved by innovative vendors like CA by providing behind-the-scenes risk-based authentication. Risk-based authentication has evolved to include sophisticated modeling and behavioral analytics which significantly solves the problem of transaction abandonment.

The next generation of the protocol, 3-D Secure 2.0, was recently developed by EMVCo—a consortium of the card schemes, merchants and technology partners to reflect current and future market requirements. The payments industry needed a new 3-D Secure specification that would support app-based authentication and integration with digital wallets, as well as traditional browser-based e-commerce transactions.

This new specification is built for these new payment channels and supports the delivery of robust security, performance and a frictionless user experience. It does so by providing more transaction and user behavior data to the authentication system to quickly determine the legitimacy of a cardholder’s transaction. Risk analytics are now a key aspect and requirement to implement the protocol in practice.

Learn more about 3-D Secure

3-D Secure was co-invented by CA (then Arcot) and Visa back in the early 2000s to protect against fraudulent e-commerce transactions. Since then, there has been wide adoption of 3-D Secure in every region; but not so much in the US. This is due to early versions of the protocol requiring customers to enter a password for every transaction. This created too much unnecessary friction in the transaction process, often causing the cardholders to abandon the transaction altogether. This problem was solved by innovative vendors like CA by providing behind-the-scenes risk-based authentication. Risk-based authentication has evolved to include sophisticated modeling and behavioral analytics which significantly solves the problem of transaction abandonment.

The next generation of the protocol, 3-D Secure 2.0, was recently developed by EMVCo—a consortium of the card schemes, merchants and technology partners to reflect current and future market requirements. The payments industry needed a new 3-D Secure specification that would support app-based authentication and integration with digital wallets, as well as traditional browser-based e-commerce transactions.

This new specification is built for these new payment channels and supports the delivery of robust security, performance and a frictionless user experience. It does so by providing more transaction and user behavior data to the authentication system to quickly determine the legitimacy of a cardholder’s transaction. Risk analytics are now a key aspect and requirement to implement the protocol in practice.

alt

Why 3-D Secure 2.0?

To make a long story short, 3-D Secure 2.0 addresses all of the shortcomings experienced with 3-D Secure 1.0. The new protocol is designed to be welcomed openly, especially in the eyes of the merchant, who had major issues with 1.0 and its tendency to add far too much friction to the shopping experience—ultimately causing high rates of transaction abandonment. There are four critical drivers for 3-D Secure 2.0: Mobile, User Experience, Merchant Adoption and Data.

The new protocol delivers additional e-commerce transaction metadata, including an extensive set of device data, which can be attributed to the rapid growth in mobile device usage globally. Enhanced data will not only facilitate greater fraud prevention gains for card issuers who participate in authentication programs based on 3-D Secure, but it will also simultaneously and drastically improve the user experience.

Is your solution equipped against the future of fraud?

If your authentication strategy can’t handle the future of payments, let CA help.

$37B in total global sales to come from in-app purchases by 2017.

Source: Statista

35% of successful fraudulent transactions among large merchants come from the mobile channel.

Source: 2016 LexisNexis True Cost of Fraud℠ Study

Large m-commerce merchants invest in fraud mitigation, but are not convinced their current solutions work properly. 33% of transactions are false positives.

Source: LexisNexis mCommerce Infographic

Journey to 3-D Secure 2.0 Checklist

Upgrade your foundation to support 3-D Secure 2.0 transactions and improve the cardholder experience.

Preparing for 3-D Secure 2.0

  1. Check which current brands are enabled on CA
  2. Review your current cardholder authentication flow and UI experience
  3. Review which flows are static and dynamic
  4. Ask yourself ‘Is my current solution compliant with IDC/PSD2?’
  5. Find out if your CA Payment Security Suite is implemented with or without risk-based models
  6. Define your authentication data preference: DUT (Data Upload), Real-Time Interface
  7. Improve data integrity by investing resources into leveraging data source

Checklist for 3-D Secure 2.0

  1. UI and cardholder journey strategized for coexistence of 2.0 and 1.0
  2. Phased rollout (Zero-Touch authentication with Dynamic Step-Up authentication)
  3. User-friendly strong authentication methods
  4. Field-programmable dynamic rules
  5. Risk-based authentication with advanced neural network models
  6. Eliminate instances of static authentication (e.g. username and password)
  7. Adhere to mandates and regulations (e.g. PSD2 RTS SCA, 3DS 2.0, etc.)

CA Payment Security Suite

Reduce card-not-present fraud losses and provide a frictionless online experience for cardholders.

Payment Security

Boost revenue and reduce fraud while delivering a frictionless online shopping experience.

Get in touch with CA.

Chat
What would you like to chat about?
Contact
Call us at +1-800-225-5224
Call us at +1-800-225-5224
Contact Us