As consumers continue to perform online transactions such as shopping and paying bills, amongst others, it is becoming increasingly important to verify these transactions and prevent fraud. According to Statista, e-commerce losses to online payment fraud were estimated at 20 billion USD globally in 2021. That is a growth of over 14 percent compared to the 17.5 billion dollars recorded in the previous year. It is therefore vital for businesses to discover new ways to verify customer transactions and not compromise their customers’ safety and security when making payments. One of the most effective ways of doing this is using 3D Secure (3DS) authentication to differentiate valid transactions from fraudulent ones.
How did 3D Secure 1 work?
As a shopper, there is a high possibility that you have experienced 3D Secure 1 (3DS1) before. Before completing a payment, 3DS1 redirects you to your bank to authenticate your card by requesting an OTP (one-time password).
What is 3D Secure 2, and how does it work?
3D Secure 2 (3DS2) is an industry authentication standard that provides a new and improved approach and mechanism to authenticating online card payments by enabling businesses to ensure a number of transaction attributes that the issuer can use to authenticate customers more accurately without asking for a password or most importantly not compromising on their convenience to do so.
Source: VISA
How does Flutterwave support 3D Secure 2?
Flutterwave supports 3DS2 via our payment APIs and Checkout. This automatically allows merchants to apply 3DS2 to high-risk payments protecting merchants from fraudulent transactions. Flutterwave ensures 3DS2 is applied as long as the cardholder’s bank supports it.
How does 3DS2 benefit your business and customers?
3DS2 is a strong authentication protocol with several benefits for you and your customers, such as a smoother user experience and increased security, along with other benefits such as:
- Chargeback liability shifts for fraudulent transactions from the merchant to the cardholder’s bank.
3DS2 shifts the liability for fraudulent-related chargebacks from the merchant to the cardholder’s bank.
- A better user experience across devices and in-app
3DS2 allows the transmission of data elements on each transaction to the cardholder’s bank. This includes data elements such as shipping address, transaction history and customer’s device ID.
- The risk of fraud is reduced
3DS2 ensures merchants accept card payments only from legitimate customers. If the illegitimate user gets access to the card details, it is less likely that the person would also have access to the cardholder’s OTP. This, therefore, ensures the risks of fraud are significantly reduced. Also, using rich data ensures that payments are more secure since this process facilitates the exchange of over 100 data points during a transaction.
Source: VISA
Is 3D Secure 2 mandatory?
Visa announced the full sunset of 3DS 1.0.2 and all related technology by 15 October 2022. In your business’s best interest of security and to ensure your transactions meet the PSD2 mandate, your business will be automatically migrated to 3DS2.
Migrating to 3DS2 will facilitate your customer authentication approvals on your website, reducing the steps to prove the identity of your customers. 3DS2 will allow customers to authorise their transactions using their banking app or through biometric methods such as fingerprint or facial recognition (i.e. if their bank supports biometric authorisations), and exemptions can be applied in lower-risk scenarios.
To reap the benefits of 3DS2, cardholder’s bank and payment processors must comply with this mandate.
We hope this article was helpful. If you have any questions or concerns, please send us an email.
Recommended reading list