Since October 2022, the major credit/debit card associations have gradually stopped supporting or offering 3DS1.0 services. Instead, they have been strongly advocating the use of Strong Customer Authentication (SCA), a protocol that enhances security for the online consumer and, at the same time, minimizes the merchant’s exposure to fraud risks.
In line with the UK’s implementation of SCA commencing 3rd April 2022, the European Economic Area (EEA) has also launched this protocol to enhance the security of customer-initiated online payments and contactless offline payments and minimize fraud risk for the merchant.
How do you ensure the security and efficient operation of your business in Europe and reap the benefits of the shopping frenzy? The answer is a full-scale adoption of SCA.
Are you required to comply with PSD2-SCA? According to the PSD2, consumers transacting online within the EEA must comply with the SCA conditions stipulated by the payment acquirers within the region. Failure to do so would result in their transactions being declined.
That said, there are still 4 different types of scenarios that do not require SCA:
- Merchant Initiated Transactions (MIT), i.e. transactions that have been pre-authorized by the cardholder. Examples of such transactions are subscriptions, recurring billings etc.
- Transactions that have been authorized via email or phone (MOTO).
- One Leg Out transactions (OLO) where either the card issuer or the payment acquirer is located outside of the EU. (For security reasons, SCA is strongly advocated.)
- Anonymous transactions, e.g. transactions made using vouchers or pre-paid cards.

In addition, even if the transaction in question is eligible for SCA, there is still the possibility of this requirement being waived, as can be seen in the examples below:
- The transaction has been deemed to be low risk as a result of Transaction Risk Analysis (TRA).
- Low-value transactions: where the transaction value is less than 30 euros and there is no way of assessing the risk of said transaction, the merchant or the acquirer can, within certain limitations, waive SCA.
- When the consumer has added the merchant as a Trusted seller and SCA has already been completed in the first transaction between the two parties, there is no need for subsequent SCA.
- Any non-personal transactions made using eligible Corporate cards are exempt from SCA.
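
The scope and waiver rules listed above can be read as an ordered decision: first check whether the transaction falls into a scenario that does not require SCA, then look for a waiver, and otherwise require SCA. The following is an added example, not Oceanpayment's code or any card scheme's API; the field names are hypothetical, and treating the low-value waiver as applying only when no risk assessment exists is this example's reading of the rule above.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

LOW_VALUE_LIMIT_EUR = 30  # threshold stated on this page


@dataclass
class Txn:  # hypothetical field names, not a 3DS or acquirer schema
    amount_eur: float
    merchant_initiated: bool = False     # MIT: subscription, recurring billing
    moto: bool = False                   # authorized via email or phone
    issuer_in_eu: bool = True
    acquirer_in_eu: bool = True
    anonymous_instrument: bool = False   # voucher or pre-paid card
    tra_low_risk: Optional[bool] = None  # None = risk could not be assessed
    trusted_seller: bool = False         # consumer added merchant as trusted
    first_txn_sca_done: bool = False     # SCA completed on first transaction
    corporate_card: bool = False         # eligible corporate card
    personal_purchase: bool = True


def sca_decision(t: Txn) -> Tuple[str, str]:
    """Return (decision, reason): OUT_OF_SCOPE, EXEMPT or SCA_REQUIRED."""
    # Step 1: scenarios that do not require SCA at all.
    if t.merchant_initiated:
        return "OUT_OF_SCOPE", "MIT"
    if t.moto:
        return "OUT_OF_SCOPE", "MOTO"
    if not (t.issuer_in_eu and t.acquirer_in_eu):
        # The page still strongly advocates SCA for one-leg-out traffic.
        return "OUT_OF_SCOPE", "OLO"
    if t.anonymous_instrument:
        return "OUT_OF_SCOPE", "anonymous"
    # Step 2: the transaction is eligible for SCA; look for a waiver.
    if t.tra_low_risk is True:
        return "EXEMPT", "TRA low risk"
    if t.tra_low_risk is None and t.amount_eur < LOW_VALUE_LIMIT_EUR:
        return "EXEMPT", "low value"
    if t.trusted_seller and t.first_txn_sca_done:
        return "EXEMPT", "trusted seller"
    if t.corporate_card and not t.personal_purchase:
        return "EXEMPT", "corporate card"
    # Step 3: nothing applies, so the cardholder must authenticate.
    return "SCA_REQUIRED", "no exemption applies"
```

Returning the reason alongside the decision lets every skipped authentication be logged and audited against the rule that justified it.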
Presently, 3D-Secure (abbrev. 3DS) is the most commonly used protocol for SCA. Going forward, EMV-3DS (abbrev. 3DS2.0), the security assessment protocol jointly commissioned by Visa, MasterCard, American Express, Discover, JCB and UnionPay, will be used to ensure the security of online (cardless) credit and debit transactions.
EMV-3DS comprises EMV-3DS2.1 which is used worldwide and EMV-3DS2.2 which is used only in Europe.
Compared to its predecessor 3DS1.0.2, the 3DS2.0 protocol dives deeper into the transaction and related details without adversely impacting the customer experience. Risks pertaining to fraudulent activity and authorization are managed effectively to maximize transaction security.
- 3DS2.0 is dynamic, with enhanced breadth and depth of application, usable in many different countries and compliant with a diverse range of regulatory systems. The newly implemented 3DS2.0 is capable of assessing each transaction’s eligibility and assisting the merchant in ensuring compliance with the respective regulatory requirements.
- 3DS2.0 eliminates static passwords and applies dynamic password authentication, making two-factor authentication a reality.
- 3DS2.0 supports multiple payment modes and channels e.g. applications, IoT, browsers etc. as well as other modes of payments favored by the consumer, like stored cards, wallets, tokenization, further enhancing the consumer’s payment experience.
- 3DS2.0 offers a tenfold increase in data processing, vastly increasing the card issuer’s risk management capabilities.
- 3DS2.0 has enhanced customer experience by simplifying customer authentication, enabling compliance with cross-border PSD2 and applying SCA to minimize chargebacks due to fraud with no adverse impact on transaction efficiency.
Once PSD2 was announced, the Oceanpayment team went to work and developed a system that meets the assessment needs. After 3 years of R&D, we are happy to launch PSD2-SCA, a system that offers seamless 3DS2.0 authentication to cross-border merchants:
- A filtering function that differentiates the transactions meeting the criteria of low-risk and/or low transaction value for automatic SCA waiver, minimizing the barriers for the affected consumers.
- A smart, real-time risk control system that assigns risk ratings to the transactions, triggering 3DS authentication for eligible transactions and closely monitoring high-risk transactions.
- Responding to feedback from the card association or card issuer by activating 3DS for the respective transactions, improving payment success rates.
- AI-based risk management in conjunction with 3DS authentication to identify and filter out high-risk transactions, maximizing transaction completion rates.
- Oceanpayment’s secondary scan, which activates a further risk assessment of consumers that have not passed the 3DS authentication to ascertain if the related transaction is eligible for processing. This function serves to maximize the completed orders for the merchant without compromising security.
Please contact your sales rep at Oceanpayment to inquire about our 3DS2.0 solution and ramp up your business in Europe, quickly and seamlessly!