The EU payment services directive (PSD2) emphasizes stricter policies to tackle fraudulent transactions. The regulation was created to protect consumers during digital transactions and reduce fraud. In essence, the directive introduced the concept of Strong Customer Authentication (SCA). These sophisticated words translate into a 3-step verification process that uniquely identifies the real cardholder at the very beginning of a transaction. These steps can be summarized with the following 3 requirements a customer fulfills when making an online payment:
✓ Knowledge: password, secret fact, pin
✓ Possession: mobile phone, card, token
✓ Inherence: fingerprint, facial features
3D Secure is the tool that gives financial institutions the confidence that the payment is executed by the real cardholder. To see how 3D Secure solves this problem, let's delve into the mechanisms behind it.
What's 3D Secure?
The technology behind 3D Secure payments was developed more than 20 years ago. Back then, it didn't see wide adoption as online payments were more of an exotic feature rather than the de facto way of doing business. However, times have changed. European internet commerce is expected to grow to $1 trillion by 2022. Online fraud and the demand for fraud prevention are growing with it.
3D Secure consists of 3 separate domains that authorize the payment - the acquirer, the issuer, and the interoperability domain. Each of these participants adds extra pieces of information to the transaction. The additional layer of security prevents unauthorized card-not-present (CNP) transactions and thus reduces the risk of CNP fraud.
3D Secure is a service that needs to be supported by both the card of the consumer, and the merchant that is accepting the payment. Verified by Visa and the MasterCard SecureCode program are two of the implementations of the 3D Secure protocol, which are more widely adopted by merchants. The main motivation to add this additional layer of complexity and effort for the customer is fraud prevention and fewer (merchant) losses. Additionally, according to the VISA and MasterCard's rules, in the event of a transaction dispute, if the merchant does not support the 3D Secure service, the dispute is resolved in favor of the cardholder. This goes vice versa when a merchant supports 3D Secure payments, and a cardholder does not.
All Payhawk cards come with 3D Secure. We want to make sure that our clients are protected and, in cases of fraud, can retrieve their funds as fast as possible.
How do 3D Secure payments work?
The protocol's primary function is to combine the authorization process with online authentication.
When you make an online purchase with your Payhawk card, you are redirected to the website of the card-issuing bank to authorize the transaction. The additional authentication method sends you a one-time password as part of an SMS message. When you enter the password, the transaction is authenticated and authorized.
This scenario varies slightly because the 3D Secure protocol allows for every issuer to choose any authentication method (i.e. email address verification, a password token, etc.). In order for 3D Secure to be compliant with strong customer authentication (SCA), there needs to be some sort of biometric identification. You can read more about the new trends and 3D Secure 2.0 in our next article.
Who benefits from 3D Secure payments?
Firstly, 3D Secure provides protection and security to all stakeholders. There are many tips and tricks that we at Payhawk advise to increase your card's security. However, the added benefit of 3D Secure comes out of the box.
The most significant advantage is that it reduces the risk of fraud. The additional security prevents scammers from stealing funds online. This means that obtaining the card data is not enough to get access to the funds inside of it.
The second substantial benefit is customer experience. Many customers feel more confident, knowing there is an extra security level in place to protect their data and funds. With safer transactions, it's easier to allow more employees to have access to company funds and reduce process overhead. When you expand this internationally, 3D Secure payments enables businesses to explore new opportunities while keeping all stakeholders safe.
Currently, 35% of global e-commerce volume runs through 3D Secure. This number is expected to increase with the enforcement of the EU PSD2 directive and updated 3D Secure 2.0 protocol. Above all, by reducing fraud and increasing customer confidence, 3D Secure is swiftly becoming a necessity.
If you want to find out more about all of the quirks and features that Payhawk cards have, book a demo with us.