You may have seen information regarding “3DS2.0”, “SCA” or “PS2D” circulating in recent years. In this blog post, we’ll break down some of the key terms and changes, along with any actions you may need to take!

3D Secure is an additional payment verification step completed during payment. The general purpose of this is to improve security and prevent card fraud.

3D Secure provides a “second-factor” step for completing a purchase and verifying authenticity. This protects both the customer and the merchant; customers have less chance of stolen details being used successfully, while merchants gain better defence dealing with fraudulent chargeback requests.

A financial deadline has passed this week (14th March 2022) which has made 3D Secure 2.0 mandatory in the European Economic Area & United Kingdom.

These terms are often interchanged and here’s a quick breakdown of them:

  • “SCA” refers to “Strong Customer Authentication”
  • “PS2D” is the term for the European regulation “Payment Service Providers Directive” - this is the regulation that is enforcing this change with Banks/Merchants/Payment Providers.
  • “3D Secure” 3D stands for “three domains.” - which covers three different areas:
  1. The first domain is the card issuer
  2. The second domain is the retailer/merchant receiving the payment
  3. The third domain is the 3DS infrastructure platform that acts as a secure go-between for the consumer and the merchant/retailer.

The deadline for this regulation had been pushed a few times due to technical issues and then further due to COVID-19 pandemic. The final deadline was finalised as 14th March 2022 with no further movements allowed.

What is 3D Secure 1.0?

It has typically looked like the below in the past which you may recognize. Although in security principles this worked, it was created for an era of Desktop purchases only and often had many usability issues on mobile devices.

What has changed with 3D Secure 2.0?

Based on the feedback from “3D Secure 1.0” a new standard has been created “3D Secure 2.0”. This has the same principles but a more modern look and has been better designed for mobile devices. Users will be prompted to verify a text message or redirected to their banking app to approve the purchase. Biometrics such as fingerprint or face recognition may also be available depending on the bank used

This will typically look like the below examples:

What do Merchants/Retailers need to do?

The first port of call is to discuss with the payment provider, most providers will have already proactively reached out to merchants over the past few years. Some payment providers may request for their “plugin/module” to be updated to the latest version.

There is likely disruption for customers that do not have a “3D” activated card as their payments will be declined for not meeting the new standard.

From a Merchant perspective, we recommend that you also discuss with your development team any concerns about failed orders. We also encourage you to place test orders using a 3D-activated card on your website to ensure a smooth process is in place.

If you have any concerns or questions, feel free to get in contact with us today!

Further information can be found in the sources below:

UK Finance on SCA deadlinehttps://www.ukfinance.org.uk/press/press-releases/deadline-implement-strong-customer-authentication-fast-approaching

VISA - How European Regulation impacts your businesshttps://www.visa.co.uk/partner-with-us/payment-technology/strong-customer-authentication.html