6. 3D Secure 2 authentication

3DS (Three-Domain Secure) is an authentication protocol for online payments. It adds an extra layer of identity verification to card-not-present (CNP) transactions, reducing fraud and unauthorized transactions. It involves three parties: the issuing bank, the card network, and the acquirer, and its goal is to ensure that only the legitimate cardholder can complete the transaction.

Development History of 3DS

  • 3DS 1.0 Version: Launched in 2001, it required cardholders to enter a password during the transaction process for identity verification.
  • 3DS 2.0 Version: Launched in 2016, it introduced password-free authentication and biometric technology, significantly improving the user experience.

Benefits of 3DS

  • Enhanced Payment Security: By verifying the payer's identity, it adds an extra layer of security for online transactions.
  • Fraud Liability Transfer: After a card transaction is successfully authenticated through 3DS, the responsibility for fraudulent chargebacks usually shifts from the merchant to the issuing bank.
  • Compliance with Regulatory Requirements: Helps merchants and issuers comply with various regulatory requirements, including Europe's PSD2.

We recommend that you use it to comply with authentication regulations for online payments, such as PSD2 SCA, which requires strong customer authentication for online payments in the European Economic Area, and to benefit from the liability shift rules.
When the 3D Secure workflow is initiated in a transaction, the process can go through one of four possible sub-workflows:

  • No challenge (frictionless flow)
  • Device fingerprint assessment only (frictionless flow)
  • Cardholder challenge only (without device fingerprint)
  • Full authentication (both device fingerprint assessment and cardholder challenge)

A transaction that qualifies for 3D Secure 2 can go through either a frictionless flow or a challenge flow, depending on the issuer's requirements.
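The following is an added example that models the four sub-workflows above from the merchant backend's point of view; it is not code from the original page or from any payment provider. The status strings, the `Outcome` class and `run_3ds2` are hypothetical names chosen for the model, and the gateway responses are constructed inline.

```python
"""Model of the four 3D Secure 2 sub-workflows as seen by a merchant backend.

Hypothetical: the status strings, Outcome and run_3ds2 are invented for this
model and do not reflect any provider's API.
"""
from dataclasses import dataclass, field


@dataclass
class Outcome:
    fingerprinted: bool = False
    challenged: bool = False
    authenticated: bool = False
    steps: list = field(default_factory=list)

    @property
    def flow(self) -> str:
        """Classify which of the four sub-workflows the transaction took."""
        if self.fingerprinted and self.challenged:
            return "full authentication"
        if self.challenged:
            return "cardholder challenge only"
        if self.fingerprinted:
            return "device fingerprint assessment only (frictionless)"
        return "no challenge (frictionless)"

    @property
    def liability_shift(self) -> bool:
        # Liability shifts to the issuer only after successful authentication.
        return self.authenticated


def run_3ds2(responses, cardholder_passes_challenge=True) -> Outcome:
    """Drive the flow from a sequence of (hypothetical) gateway responses."""
    out = Outcome()
    for status in responses:
        if status == "fingerprint_required":
            out.fingerprinted = True
            out.steps.append("run issuer device-fingerprint step in browser")
        elif status == "challenge_required":
            out.challenged = True
            out.steps.append("redirect cardholder to issuer challenge")
            if not cardholder_passes_challenge:
                out.steps.append("challenge failed: do not authorise")
                return out
        elif status == "authenticated":
            out.authenticated = True
            out.steps.append("submit authorisation with authentication data")
            return out
        elif status == "not_authenticated":
            out.steps.append("authentication failed: do not authorise")
            return out
        else:
            raise ValueError(f"unknown status {status!r}")
    return out
```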