Latest Updates on EMV® 3D Secure 2.3 (3DS 2.3.1)

3DSEcure 3.2.1 Hero Image

 

In a significant step towards enhancing online payment security, EMVCo, the global technical body that manages EMV specifications, released EMV® 3DS 2.3 (3D Secure 2.3) at the end of September 2021. This latest version of the 3D Secure protocol introduces several improvements designed to combat fraud, support a wider range of devices and channels, and ultimately improve the overall user experience for cardholders.

3D Secure 2.3.1 is the latest version of the 3-D Secure protocol. This version was released in August 2022 and includes additional capabilities to utilise new data elements and supports more channels and devices. Throughout this blog, we’ll be referring to EMV 3DS 2.3.1 as 2.3 for simplicity and ease of understanding.

Overview


The world of digital payments is constantly evolving, and 3D Secure has played a significant role in ensuring secure transactions. The new enhancements to the protocol include:

  • Multi-channel authentication
  • Better exchange of cardholder data
  • Efficient fraudulent transaction identification
  • Streamlined authentication processes

In this blog, we will explore how these changes impact consumers with a frictionless payment experience, a simplified challenge process for purchase confirmation, and device binding for quicker authentication. Additionally, we will discuss how merchants and issuers benefit from precise risk assessment and decision-making, leading to diminished unwarranted challenges or declines through advancement of the 3DS.

3DS 2.1 Deprecated

What is 3DS 2.3 and what is new?


3DS 2.0 (3DS2) was developed to address the limitations of its predecessor by integrating a broader range of data and incorporating biometric information into the authentication process. This enhancement allows for faster, more accurate fraud detection, significantly improving security for online transactions. As of October 2022, all major card networks have adopted 3DS2, making it a standard in the payment industry.Building on this foundation, 3DS 2.3 introduces even more advanced features, keeping pace with the latest developments in payment technology and evolving industry standards. The updates in 3DS 2.3 provide merchants with an optimised checkout experience, ensuring smoother, more secure payments for customers. Additionally, issuers benefit from enhanced data, which facilitates quicker and more efficient authentication processes.

Unpacking the Advancements of 3D Secure 2.3  


The latest iteration of the 3DSecure protocol, known as 3DSecure 2.3, marks a significant advancement in online payment security. It effectively addresses the limitations of its predecessor by incorporating additional data elements, such as merchant risk indicators, account age indicators, shipping address usage, and payment account reference. The swift evolution of consumer behaviour and the escalating threats of fraud within the payments industry have underscored the pressing need for enhanced security measures. With 3DSecure 2.3, merchants and issuers can leverage improved risk assessment capabilities, empowering both groups to make more informed decisions.  


EMVCO 3DS
3DSecure 2.3.1 Key Features


3DSecure 2.3 unveils new features designed to enhance security and elevate the customer experience. This updated protocol version aims to foster a heightened level of trust among users by offering increased assurance in online transactions. How? Through an improved authentication process that enables more accurate risk assessments.  The authentication procedure is strengthened by leveraging security keys, ensuring utmost security for every transaction. Moreover, 3DSecure 2.3 embraces the latest technological advancements and user-friendly interfaces to stay aligned with the dynamic landscape of online payments, making it a timely upgrade in the world of secure digital transactions. The main improvements are as follows:

  • Additional Authentication Approaches
    3DS 2.3 introduces flexible authentication methods that align with issuer preferences, considering factors like transaction risk and regulatory requirements. This update supports compliance with Strong Customer Authentication (SCA) regulations by enabling two-factor authentication, enhancing security while maintaining a seamless user experience.
  • Streamlined Consumer Authentication
    The latest version of 3DS improves data exchange between merchants and issuers, allowing for better risk assessment of transactions and consumers. This optimisation minimises unnecessary delays in the payment process, increasing transaction approval rates without additional security steps. For most transactions, customers can simply click or tap to pay, while higher-risk transactions are handled efficiently with minimal friction.
  • Enhanced Data Collection
    With 3DS 2.3, merchants and issuers have access to more detailed transaction data, payment method information, and device details, including payment token data and recurring transaction insights. This enhanced data capability allows issuers to authenticate recurring payments quickly and accurately, providing clear information for various scenarios like fixed subscriptions, free trials, or variable payments.
  • WebAuthn and Secure Payment Confirmation (SPC) Support
    Collaborating with the World Wide Web Consortium (W3C) and the FIDO Alliance, EMVCo has integrated support for WebAuthn and Secure Payment Confirmation (SPC) in 3DS 2.3. This inclusion enables the use of advanced biometric authentication methods, enhancing transaction security and reducing the risk of fraud.
  • Automated Out-of-Band (OOB) Transitions
    The new automated OOB transitions feature simplifies the process for transactions requiring authentication via a separate app. Instead of manually switching between apps and logging in, this enhancement automates the transition between the merchant app and the banking app, streamlining the checkout experience and speeding up transaction approvals.
  • Device Binding
    Device binding in 3DS 2.3 allows consumers to opt for their devices to be remembered for future transactions. This feature speeds up the authentication process for subsequent purchases, providing a smoother user experience.
  • User Interface (UI) Updates
    Issuers and merchants now have more options for customising the user interface, making it easier to guide customers through the authentication process. This flexibility helps improve user experience and can reduce cart abandonment.
  • Split-SDK Model
    The new Split-SDK Specification in 3DS 2.3 simplifies the implementation of the protocol across various e-commerce payment channels and devices, including smart speakers and other IoT devices. This model ensures a consistent and secure payment experience across all platforms.
  • Backwards Compatibility: Ensuring compatibility with previous versions is a key focus of 3DS 2.3.1. This means that merchants who have already implemented 3DS 2.1 or 2.2 can upgrade to 2.3.1 without extensive rework, preserving their existing investments in security infrastructure. 

How Much Safer Are Online Transactions with 3DS 2.3? 


Online transactions are significantly safer with the implementation of 3DSecure 2.3. This advanced security framework offers enhanced authentication methods, such as facial recognition and biometric information, to protect against payment fraud.  The updated security keys safeguard against card fraud, making online transactions more secure in the ever-evolving payments industry. 

Conclusion 


In conclusion, 3DS v2.3.1 enhances fraud prevention for issuers, acquirers, and merchants across all e-commerce channels and devices while optimising the user experience for consumers. This update ensures smoother and more secure checkout experiences, adapting seamlessly to both current and emerging digital payment scenarios. Stay updated with the latest technology to protect yourself and your customers in the ever-evolving world of online payments. For more information, contact the GPayments team.