How does 3-D Secure work so far?
The globally standardized 3-D Secure Protocol (3-DS), which was introduced in 2002, offers merchants and consumers additional security for credit card transactions. With this procedure, online shoppers verify themselves to their card-issuing bank (issuer) as legitimate cardholders. In contrast to a conventional credit card payment process on the Internet, 3-D Secure requires an additional security code. This makes the misuse of credit cards much more difficult.
How does 3-D Secure 2 differ from the previous method?
Essentially, 3-D Secure 2 is a refinement of the previous 3-D Secure protocol. With each credit card order, up to 100 data points will be be transmitted to the issuer; based on these data points, the issuer performs a real-time risk assessment. If a transaction is classified as low-risk, it can be authorized directly and without further interaction by the buyer. However, if fraud is suspected, the buyer is requested to confirm his identity again, for example by push-TAN. The risk assessment takes place in the background and is not perceptible to the buyer. The collection and forwarding of the necessary data takes place both via the merchant's shop backend and via the Payment Service Provider (PSP), which connects 3-D Secure 2 to the respective shop.
When and why will 3-D Secure 2 be introduced?
The declared aim of introducing 3-D Secure 2 is to meet the requirements of Strong Customer Authentication (SCA) and to establish it as the standard for electronic payment procedures from 31 December 2020. On the other hand, the introduction is also intended to reduce the percentage of cancelled purchases: Thanks to the individual, data-based risk assessment, transactions can be cleared directly and without further buyer interaction in approx. 95 percent of all cases - in future, the majority of purchases will therefore take place without entering a 3-D Secure Code.