3D secure is an additional security measure for online payments. It was introduced as a response to the increased fraud risk associated with the use of stolen credit card details. It works by adding an extra layer of authentication to the payment process. This usually takes the form of a one-time password (OTP), which is sent to the cardholder’s mobile phone. The cardholder then enters this OTP into the 3D secure window that appears on their screen. 3D secure is not mandatory for all online payments, but it is becoming increasingly common. Many banks and card issuers now offer 3D secure as an option for their customers. 4
PSD2 is a regulation that includes a number of measures designed to improve the security of online payments, including 3D secure. PSD2 will also require merchants to provide more information about their products and services before a customer makes a purchase. This will help to reduce instances of fraudulent transactions.
A blog post in Finextra contemplates how the requirements of PSD2 in the EU will work in combination with the updated requirements of 3D secure 2.0. PSD2 requires that payments use strong authentication methods:
PSD2 is a substantial overhaul of existing regulations for the payments industry.
It aims to increase competition within the payments industry, bring into scope new types of payment services, enhance customer protection and security, and extend the reach of the Payment Services Directive.
(PSD2) Promotes SCA (Strong Customer Authentication) by providing clarity on the use of emerging payment methods such as mobile payments, biometrics payments, 2FA (Two Factor Authentication), and OTPs (One Time Passwords)
The author suggests that 3DS 2.0 is a part of creating more secure online transactions and is compatible with the requirements of PSD2:
Many are wondering how the introduction of PSD2 has and will continue to affect 3DS 2.0 (3D-Secure 2.0), the updated protocol which ensures safe and secure online transactions. First, let’s quickly recap 3DS 2.0.
3D-Secure 2.0 aims to facilitate ‘frictionless shopping’ which incorporates the ease and speed of ‘old school’ transactions with the security of 3D-Secure by offering multi-factor authentication which, once set up, means transactions (even card-not-present transactions) are simple and straightforward for consumers.
What is not addressed is how SCA would be applied to Payment Initiation Service Providers (PISPs). These organizations provide opportunities to make purchases directly from consumers’ checking accounts. 3DS intentionally works within the card payment environment only, suggesting that multiple forms of SCA will be needed based on payment type.
Overview by Sarah Grotta, Director, Debit Advisory Service at Mercator Advisory Group
Read the full story here
