Everything you need to know about 3DS 2.0
Product News Tips / 26.04.2021
According to the Ecommerce Europe report, the months of the coronavirus pandemic saw an increase in e-commerce throughout the continent. But even before the outbreak of the virus, there has been a steady increase in the European e-commerce sector.
From purchasing airline tickets to fashion items and accessories or even medical products, e-commerce, or the act of purchasing items through the Internet via a website or a mobile device, has seen rapid growth.
With such growth, and the potential for fraudulent cases of misused debit and credit cards to carry out purchases, there’s been a need for increased security in the e-commerce sector.
This is why 3DS 2.0 has been introduced. Ultimately, it’s a safety measure to improve security in online and mobile shopping and decrease instances of fraud.
In this blog post, we take a look at what 3DS 2.0 is and how it affects both e-commerce merchants and their customers.
But before that, let’s help you understand what 3DS actually is.
What is 3D Secure
Simply put, 3D Secure is a free-of-charge service by Visa and Mastercard that lets users make online purchases securely by using a debit or credit card. Available only on 3D Secure merchant websites, the service is also known as Verified by Visa (VBV) or Mastercard SecureCode (MSC). It uses password protection to authenticate customers as an added fraud prevention measure.
What benefits does 3D Secure bring?
3D Secure provides additional assurance by verifying you when making purchases on the Internet. You can be sure that any online merchant that offers VBV or MSC services is a legitimate commercial entity.
How does 3D Secure work?
3D Secure works by integrating with a VBV or MSC retail website. When reaching the checkout stage of purchasing items online, a new web page will open where you will be required to enter a One-time Password (OTP) you will receive on your mobile phone before you can proceed. This measure provides extra protection against online fraud.
Here’s how 3D Secure 2.0 changes direction to provide even greater security when paying online.
An outgrowth of PSD2 and SCA
Directive (EU) 2015/2366 (PSD2), introduced in Europe, is a regulatory measure for e-money and financial institutions that seeks to add added layers of protection in the online and mobile purchasing process. Strong Customer Authentication (SCA) is a new regulation under PSD2, which aims to reduce fraud in online payments and make them more secure.
As a result of PSD2 and SCA, 3DS 2.0 has been introduced across Europe to reduce fraudulent transactions in the e-commerce space. It is an outgrowth of 3DS 1.0 and it refers to payer authentication. 3DS 2.0 stands for 3 Domain Server because it involves three parties in the online and mobile purchasing process. These parties are:
- The merchant who is selling the item which is being purchased through their website or mobile app
- The acquiring bank
- The card issuer (typically Visa or Mastercard)
How 3DS 2.0 differs from 3DS 1.0
3DS version 1.0 entailed a process of verification through which the customer entering their card details on a website received an added layer of verification by entering a password on a new page to verify their identity.
While this extra layer of protection was helpful, it was necessary to introduce new and improved security measures in the online and mobile purchasing process, hence, the introduction of 3DS 2.0.
This new and revised method of payer authentication will now have further layers of protection and security such as biometrics and tokenisation.
What it means for merchants
myPOS merchants involved in the e-commerce space will now have added fields to their checkout pages, in line with the new security measures. This change will be an automatic one, and myPOS merchants will not need to take additional steps to ensure that they are compliant with 3DS 2.0.
What this change will mean for merchants is a reduction in fraudulent transactions, increased security, better checkout processes, and ultimately, improved checkout conversions and more sales.
What it means for customers
Customers who intend on making purchases online or on their mobile devices will simply have an added layer of authentication.
In the case of a purchase from a myPOS merchant, they will need to enter information in several additional fields including: the client’s email and billing address, the cardholder name as well as a phone number.
Advantages and disadvantages of 3DS 2.0
Apart from increased security for both the customer and the merchant, 3DS 2.0 is also an important tool for reducing fraud. It makes online shopping a safer place to be online.
Further advantages include the nourishing of brand loyalty, its ease of use, improved customer confidence on websites and, ultimately, increases in online sales.
On the other hand, just like most things in life, there are some downsides, too.
These include the fact that not all card schemes have partaken in this program of payer authentication and some may not be able to complete their purchases online or will still be using version 1.0 for their purchases.
However, while 3DS 2.0 does not restrict chargebacks from taking place, it does reduce the cost of fraudulent chargebacks.
Here’s to safer online shopping!
With the introduction of 3DS 2.0, both merchants and their customers can be assured of a much safer online shopping experience, with reduced cases of fraud and improved security.
As a myPOS merchant, you can rest assured that we’re fully compliant with all our regulatory obligations and that we have taken all the necessary steps to ensure a smoother checkout process for your customers.
Here’s to a safer online shopping experience!
What do I need to do to start using 3D Secure?
3D Secure is automatically enabled on your card and no action is required on your side.
How much does 3D Secure cost?
3D Secure costs nothing. This service is free.
I have more than one card. Do I need to register all my cards separately?
This is not needed as 3D Secure is automatically enabled on all your cards.
I have just received a new card. Do I need to register it to use 3D Secure?
This is not needed as your new card is already 3D Secure-enabled.
What is One-time Password (OTP)?
A One-time Password is a passcode that is valid for only one login session or transaction on a computer system or other digital device. It comes to you in the form of an SMS message sent to your mobile phone and is valid for 15 minutes only.
I have not provided a mobile number to myPOS. Can I still make a 3D Secure online purchase?
3D Secure-enabled websites will not allow you to complete a purchase without entering a one-time password sent to a mobile phone number. However, we automatically obtain the phone number you used to activate your myPOS card. This means that there’s no need for you to provide a mobile phone number. We suggest that you check this phone number and if there’s a change or other circumstances please call our Call Centre to provide us with updated information. If you purchase goods from a non-3D Secure-enabled website, you will not be asked for this passcode.
Is providing the OTP mandatory when making online purchases?
Websites that do not use 3D Secure will not require you to provide an OTP when making online purchases. 3D Secure-enabled web merchants will oblige you to provide an OTP since, without it, you will not be able to complete your purchase.
I have not received an OTP. What do I do next?
After reaching the checkout stage of your online purchase and you initiate a payment, the OTP will be sent to your mobile phone within seconds. If you haven’t received an OTP, check if the phone number you have provided to myPOS is correct. You can also request the message to be sent again or to receive a phone call with the OTP 30 seconds after you have reached the checkout stage.
What happens if I enter the OTP incorrectly?
The transaction will fail after three unsuccessful attempts so you will have to start a new.
What happens if a supplementary cardholder is making an online transaction?
The OTP will be sent to the registered mobile phone number of the supplementary cardholder so make sure their contact details are updated with myPOS.
Can I use the OTP I received for another transaction?
No, one OTP is valid for one transaction only.
What should I do if no OTP window appears when making an online transaction?
Check if your online merchant participates in VBV or MSC. If this is so, the OTP window will appear as a new tab in your browser. If the merchant does not take part in VBV or MSC, an OTP window will not appear at all.
I received my OTP but the system does not accept it. What should I do?
First, make sure you enter your OTP correctly. If this is so and the problem remains, please start the purchase process again.
What is the personal message?
This is a personalized message that appears during every online purchase to make sure you are visiting a legitimate 3D Secure website. It can be up to 30 characters long and you can use letters from A to Z, both capital and lowercase, spaces, dashes and apostrophes. In addition, you can set this message to all cards you have at the moment or only to newly activated cards.
Is my personal information safe and secure?
Yes, your personal information is perfectly safe with myPOS.
Does the service save cookies on my computer?
The service uses only session cookies, which are temporarily saved and are automatically deleted when you log out or end the connection.
Disclaimer: Please be aware that the contents of this article and the myPOS Blog, in general, should not be interpreted as legal, monetary, tax, or any other kind of professional advice. You should always seek to consult with a professional before taking action, since the particulars of your situation may materially differ from other cases.