3DS vs 3DS2: Solutions For SCA
3D Secure (3DS) is a messaging protocol which enables consumers to directly authenticate with credit card issuers while shopping online. Its successor, 3DS2, is a better SCA solution under PSD2 for credit cards.
A big advantage of using 3DS2 over its predecessor is frictionless flow. This allows an issuer to authenticate transactions without additional input from customers.
Another important attribute of 3DS2 is its liability shift: according to new regulations, liability for chargebacks is shifted from the merchants to the issuers.
What are the Implications for this Phase of PSD2 Implementation?
A healthy amount of skepticism towards SCA and PSD2 has been raised by merchants.
Research shows that only 44% of businesses expected to be ready by the September 14th deadline. In fact, 24% of businesses surveyed indicated that they would implement 3DSecure2 only after the deadline.
Perhaps most shocking is the 57 billion euros of forecasted loss (from the same study) in economic activity due to SCA. This estimate stems from forgone opportunities such as cart abandonment from new security requirements.
Merchants are justified in their fear of a higher security level causing a lower conversion rate. If merchants stay on 3DS, customers will see more challenges—each and every transaction would need to be confirmed. Merchants who previously could get around 3DS won’t be able to do so anymore.
Will all these factors lead to higher cart abandon rates? Nobody knows for sure.
Another issue of concern is whether or not SCA will be strictly enforced after the 14th of September.
The EBA states that competent authorities can work with stakeholders to grant additional time to comply with SCA. Countries such as Ireland and Germany have even indicated that they will be postponing the rollout for rules on SCA.
In the midst of the skepticism, there is also opportunity.
“While PSD2 makes SCA mandatory, it brings benefits to customers via enhanced control over their accounts. Smart use of exemptions from SCA and frictionless flow applied to 3DS2 authentication can provide reduced risks and an improved user experience for customers. ” – Danila Turuntaev, Product Manager, optile.
Yes, the state of enforcement for RTS is uncertain, but if you’re still not ready as a merchant, it’s high time to get things on track. The penalty for non-compliance would be steep. One should assume that banks will decline payments when SCA is not applied.
Merchants should take advantage of exemptions to keep friction low for consumers. One easy way to do this is by connecting to payment providers that have adjustment strategies for PSD2.
There are many new parameters which allow issuers to assess risk and to choose frictionless flow. Merchants should provide these parameters even though they are often optional. If you are having trouble implementing changes, it may be comforting to know that 3DS will still, for the near future, count as customer authentication for a majority of banks and providers.
If You Haven’t Already Done so…
Merchants, start a conversation with your payment providers to understand how they can help you adjust to PSD2. Customers also need to be informed. Online businesses who have not educated their customers about PSD2 on time, must hurry up or put their customer base at risk for shrinking.
You should also maximize their use of exemptions to maintain a stellar checkout and of course, stay vigilant for fraud.
optile provides a unified interface for merchants to handle the requirements of PSD2 regardless of their provider.