Last updated October 1, 2019.
Although the September 14, 2019 enforcement date for PSD2: Strong Customer Authentication (SCA) requirements has come and gone, many merchants still have questions about how to ensure that their transactions are SCA-compliant. (For the latest information on the ever-evolving regulatory landscape in Europe, please refer to our SCA cheatsheet.) While the regulations and requirements may seem complex, the solution is simple: 3D Secure 2 (3DS2).
3DS2 is Braintree’s recommended solution for meeting SCA requirements and can help ensure cardholder authentication and protection against fraudulent transactions. The latest 3DS update, which lets issuing banks verify cardholders during transactions, also means benefits for merchants: It can help transfer liability for fraud disputes to issuers, help reduce costs associated with chargebacks, and even help increase conversion.
3DS is a security protocol that provides an extra layer of protection for online credit and debit card purchases. It was first deployed by Visa as “Verified by Visa” and later renamed “Visa Secure.” Since that initial rollout, payment-authentication services based on 3DS have been adopted by Mastercard, American Express, and other major issuers and schemes.
The protocol connects merchants, card networks, and financial institutions to authenticate transactions and share data. An additional verification step helps protect both cardholders and merchants during checkout -- a lookup determines if the cardholder is enrolled in 3D Secure and whether they will need to authenticate the transaction.
The original 3D Secure protocol, 3DS1, was developed long before the smartphone, and it showed -- 3DS1 became known across the industry as a “conversion killer” due to its friction-heavy transaction process.
But 3DS2 was specifically designed to help reduce that friction, especially for mobile checkout, thanks to a seamless mobile experience and native SDKs for both Android and iOS. And while its primary purpose is to meet SCA requirements for biometrics and two-factor authentication, 3DS2 can help improve conversion by making checkout faster and easier for customers.
This next-generation solution provides automated fraud protection. It’s always on, helping to protect customers and merchants -- no fine-tuning or maintenance beyond updates required. And rather than requiring cardholder involvement, 3DS2 uses device and browser data to accurately make authentication assessments that typically happen behind the scenes. It also offers improved ways to replace static passwords in the event of a challenge.
When fraudulent transactions do occur, merchants using 3DS2 may shift the chargeback liability for those transactions from themselves to the issuing bank.
Issuers may approve more transactions when using 3D Secure.
All companies doing business in Europe need to be aware of PSD2: SCA requirements. Enabling 3DS2 is the recommended approach to ensure compliance with the new regulations.
By adding an authentication step for online purchases, 3DS2 provides another fraud-protection layer for online credit and debit card transactions.
Get more information about various SCA payment scenarios.
3DS2 via Braintree provides a simple way to authenticate transactions with a low-friction checkout experience for cardholders -- plus a single integration that manages multiple acquiring relationships. Our newest front-end and mobile SDKs are built to support all 3DS2 authentication paths. This new iteration will include a method for collecting the device and browser data required by each individual issuing bank, as well as customer data elements. Merchants can also take advantage of 3DS2’s chargeback liability-shift benefit to help reduce costs associated with chargebacks categorized as fraudulent.
With 3DS2, Braintree gives merchants an upgraded weapon in the fight against fraud, plus the benefits of a seamless, secure checkout experience -- all with the peace of mind that comes with an industry-standard authentication solution to meet SCA requirements. Braintree’s 3DS2 solution also offers built-in support for both 3DS2 and 3DS1 protocols and can automatically divert your transactions, so you can be sure your business will be SCA-compliant regardless of issuer readiness.