webleads-tracker

3D secure : Secure payment solutions - Dalenys

Progressive roll-out
of 3DS V2

By introducing new security standards for online payments, the PSD2 (Payment Services Directive 2) obliges the use of strong authentication methods with the 3D Secure V2 standard for each payment. These European regulations signal the end of the SMS OTP (One Time Password).

To maintain acceptance rates, it’s imperative to plan for scenarios that apply frictionless authentication, and even benefit from exemptions if possible.
Strong authentication

x3 i

Estimated trigger rate
3DS
Before strong authentication

11%

Failure rate after triggering
of 3D Secure

The frictionless journey

3D Secure V2 introduces a new frictionless authentication path. This route occurs when the cardholder is not explicitly asked to authenticate while browsing.
1.
Payment authentication initiated
2.
Authentication request sent to server to obtain an agreement or refusal
3.
Response to this authentication communicated to the cardholder
4.
Banking authorisation processed with acceptance or refusal of the transaction
Live from the blog

Have you anticipated the impact of RTS on your turnover?

See the DSP2 file

Special cases
with the frictionless route

Certain specific payment transactions will be considered outside the scope of the RTS and will not require strong authentication.
  • Merchant Initiated Transaction (MIT)
  • Mail Order and Telephone Order
  • Outside the European Economic Area if the PSP acquirer and/or transmitter is outside the EEA

Conditions
to promote
a frictionless course

  • Merchant requests frictionless mode
  • The merchant transmits a maximum of data
  • The merchant maintains a fraud rate below the threshold imposed by the RTS

The merchant has the best assets to maintain its acceptance rate

  • Merchant requests frictionless mode
  • Merchant does not transmit enough data
  • The merchant maintains a fraud rate below the threshold imposed by the RTS

The merchant is forced by the issuer, who can accept the request in frictionless mode or continue to apply refusals

  • Merchant requests frictionless mode
  • The merchant transmits a maximum of data
  • The merchant does not maintain a fraud rate below the threshold imposed by the RTS

The merchant is forced by the issuer, who may increase the trigger rate for two-factor authentication or reject transactions

  • Merchant does not transmit enough data
  • The merchant does not maintain a fraud rate below the threshold imposed by the RTS

The merchant is forced by the issuer, who rejects all transactions, all subject to systematic two-factor authentication

Course with friction (challenge stage)

When a strong client authentication (SCA) is required by the acquirer or issuer, the course is completed with a ‘challenge’ stage. This authentication process is similar to that of the 3D Secure V1.
Steps 1, 2 and 3 are identical
to the course with friction, then
4.
The cardholder is subject to strong authentication after request from the acquirer and/or issuer
5.
The result of the authentication is transmitted to the acquirer and issuer
6.
The result of the authentication is sent to the e-merchant
7.
The banking authorisation is then processed with acceptance/rejection of the transaction

Conditions for a valid,
strong authentication

RTS came into effect on September 14, 2019 to finalise the application of PSD2 in Europe, with Strong Client Authentication (SCA) to be expected for all online transactions. Strong authentication is said to be valid when the method used combines at least 2 of the following 3 criteria:

Knowledge

Information that only the user knows (PIN code, password, etc.)

Possession

Information that only the user has (a card, a mobile phone, etc.)

Inherence

User identity recognition information, biometric identification (fingerprint, iris or voice recognition)

Want to give a new start to your customer journeys?