More security for credit card payments in e-commerce with the 3-D Secure 2 protocol
No conversion losses, despite 3-D Secure 2
Bypass 3-D Secure 2 for selected transactions by making optimal use of the SCA exemptions: Individual and automated handling of SCA exemptions and soft declines in Computop Paygate.
How does 3-D Secure work so far?
The globally standardized 3-D Secure Protocol (3DS), which was introduced in 2002, offers merchants and consumers additional security for credit card transactions. With this procedure, online shoppers verify themselves to their card-issuing bank (issuer) as legitimate cardholders. In contrast to a conventional credit card payment process on the Internet, 3-D Secure requires an additional security code. This makes the misuse of credit cards much more difficult.
Correctly managing 3-D Secure and winning conversions. Presentation by Claudia Klein and Volker Wohlrab at the Digital Expert Forum 2021.
How does 3-D Secure 2 differ from the previous method?
Essentially, 3-D Secure 2 is a refinement of the previous 3-D Secure protocol. With each credit card order, up to 100 data points will be be transmitted to the issuer; based on these data points, the issuer performs a real-time risk assessment. If a transaction is classified as low-risk, it can be authorized directly and without further interaction by the buyer. However, if fraud is suspected, the buyer is requested to confirm his identity again, for example by push-TAN. The risk assessment takes place in the background and is not perceptible to the buyer. The collection and forwarding of the necessary data takes place both via the merchant's shop backend and via the Payment Service Provider (PSP), which connects 3-D Secure 2 to the respective shop.
When and why will 3-D Secure 2 be introduced?
The declared aim of the introduction of 3-D Secure 2 is, on the one hand, to meet the requirements for Strong Customer Authentication (SCA) and to establish it as the standard for electronic payment processes from 2021.
On the other hand, the introduction is also intended to reduce the percentage of cancelled purchases: Thanks to the individual, data-based risk assessment, transactions can be cleared directly and without further buyer interaction in approx. 95 percent of all cases – in future, the majority of purchases will therefore take place without entering a 3-D Secure Code.
Required steps for the 3-D Secure 2 integration:
1. Adaptation of the necessary transaction parameters
Please adjust the extent of the transaction data transmission according to our online documentation. Please note our recommendations for the selection of additional data fields whose transfer enables the issuer to carry out an optimal transaction risk analysis which optimizes your conversions.
2. Setting up a test MID
To test the correct data transmission to Computop Paygate you must set up a test MID. If you have received your own test MID (you can recognize it by the fact that the name contains "test"), use it to transfer test transactions.
Otherwise, you will find the generally valid Computop test MID for 3-D Secure 2 in your Computop Analytics account. Optionally you can also apply for a new, individual test MID from our Merchant Services team.
3. Sending a test transaction to Computop Paygate
Now send a transaction to Computop Paygate using the test-MID. If your adjustments to the 3-DS protocol are correct you will receive a confirmation of success for your test transaction.
4. Carrying out the acquirer test
With the confirmation of success please contact firstname.lastname@example.org. Our team will contact you immediately to test the further transfer of your payments to your acquirer(s).
If you receive an error message on your test transaction, please check your customization again based on our online documentation. Our Merchant Services team will be happy to help you with any problems.