3-D Secure was co-invented by CA (then Arcot) and Visa back in the early 2000s to protect against fraudulent e-commerce transactions. Since then, there has been wide adoption of 3-D Secure in every region; but not so much in the US. This is due to early versions of the protocol requiring customers to enter a password for every transaction. This created too much unnecessary friction in the transaction process, often causing the cardholders to abandon the transaction altogether. This problem was solved by innovative vendors like CA by providing behind-the-scenes risk-based authentication. Risk-based authentication has evolved to include sophisticated modeling and behavioral analytics which significantly solves the problem of transaction abandonment.
The next generation of the protocol, 3-D Secure 2.0, was recently developed by EMVCo—a consortium of the card schemes, merchants and technology partners to reflect current and future market requirements. The payments industry needed a new 3-D Secure specification that would support app-based authentication and integration with digital wallets, as well as traditional browser-based e-commerce transactions.
This new specification is built for these new payment channels and supports the delivery of robust security, performance and a frictionless user experience. It does so by providing more transaction and user behavior data to the authentication system to quickly determine the legitimacy of a cardholder’s transaction. Risk analytics are now a key aspect and requirement to implement the protocol in practice.