Introduction

The Card schemes, or more specifically the EMVCo are highly interested in providing secure Credit Card payments, in same time not jeopardizing the Customer experience and keeping the payment conversion rates high. If the Customer tries to pay with his Credit Card and he is not able to, it is most desirable that the Customer is informed about the reasons, so that he can correct what is required from his side. 

Issuers can use a text field (cardholder Information Text) in EMV 3DS to provide additional information to cardholders when an authentication request can not be completed, for example:

→ “This transaction has been declined due to security reasons. For further details please contact number at the back of card.”

→ “Your transaction has not been processed. Please call us on 555-1234 so we can help you.”

It provides a valuable opportunity for issuers to tell cardholders why their payment can not proceed and guide them to the necessary corrective action
Currently, it is optional for Merchants to display this text to cardholders in EMV 3DS 2.1 but becomes mandatory in EMV 3DS 2.2.
It is always optional for Issuers to use it (unless using Decoupled Authentication – 2.2 Only).

Implementation

Prepare for 3D Secure 2.0

PAYONE built an EMV 3DS Service that does not require merchants to implement any changes to their existing integrations, while ensuring full compliance to minimum data requirements for authentication requests as stipulated by the card schemes.

However, relying on the current implementation will lead to an uptick in challenges during checkouts. This can affect your conversion rate negatively. Therefore, we've implemented additional and optional parameters you can send to our Server API in order to take advantage of 3D Secure's exemption management.

If you want to optimize your conversion rate, here's what you have to do:

If you are connected with PAYONE via Server API

Required parameters are already implemented in the PAYONE Server API.

The more information you can supply per transaction, the greater the chance to proceed frictionless since there is more information provided to the transaction risk assessment of the issuer.

Therefore, additional optional data can be provided to your payment requests. We recommend enlarging the parameters added to the authentication requests by the end of 2020.

Additional Parameters >

If you are connected with PAYONE via Shop-Plugin

Please update regularly to ensure you use the latest version of our plugin and provide optional request parameters as we optimize our plugins for better conversion.

Latest Plugin Updates >

Not sure if 3D Secure is active for you?

Please contact your sales contact or our merchant service to ensure your merchant account is configured for 3DS.
 

Contact >

3D Secure - General Introduction

3-D Secure is a technology to increase safety for credit card payments on the Internet for both dealers as well as for customers. It is used in order to authenticate a buyer during the payment process and to reduce the risk of a chargeback.

Visa calls this procedure "Verified by Visa", MasterCard "MasterCard SecureCode", American Express "Safekey" and Diners/Discover "Protect Buy".

Payment Service Directive 2

The PSD2 states that all payment transactions must be processed with strong customer authentication as far as there are no excemptions.

  • SCA due to the use of at least two factors:
    • Knowledge (e. g. password, code, PIN)
    • Ownership (e. g. token, smartphone)
    • Inherence (e. g. fingerprint, iris scan, blood vessel pattern)

That means that all credit card transactions will have to be handled with 3-D Secure - which can be 3-D Secure 1 or 3-D Secure 2 (EMV 3-DS) on the issuer side.

If you have already activated 3-D Secure in your merchant settings the PAYONE platform will be able to handle both varying processes for you: 3-D Secure 1 or 3-D Secure 2. This depends on the credit card and its issuer and if it is allowed to process with 3-D Secure 1 or 2.

Please be aware that credit card transactions may be declined by your acquirer or the issuer if they are not processed with 3-D Secure at all.

3D Secure 1.0

In the case of 3-D Secure, virtually every payment transaction must be authorized by the end customer if the end customer has registered for the 3-D Secure procedure and the card-issuing bank participates in the procedure. Therefore the customer is forwarded to a website of the card-issuing bank, where the 3-D Secure password must be entered.

The disadvantage of this method is that the customers often do not complete the authorization and thus have prematurely terminated the purchase process.

3D Secure 2

3-D Secure 2 was introduced by the EMVCo and leading credit card companies to facilitate the customer's payment process by offering up-to-date authentication methods such as biometric procedures.

In addition, 3-D Secure 2 provides exemptions in order to bypass this authentication if certain conditions are met and proceed frictionless. In that case additional data, such as device data, can be transmitted and used to decide whether authentication by means of 3-D Secure is required. Transactions that are subject to higher risk or that have to comply with more stringent specifications (such as PSD2) can also be assigned to the authentication process.

PAYONE provides a landing page, which determines the necessary device data of the browser and makes them accessible to the ACS. As a result, no adjustments are required on by the merchant or the shop (other than stay updated on the latest shop-plug in version.

3-D Secure basic workflow with detection 3-D Secure 1 vs. 3-D Secure 2

This sequence diagram shows the new workflow, which first asks whether 3-D Secure 2 is supported by the issuer. If not, then the 3-D Secure 1 workflow is triggered.

If 3-D Secure 2 is supported, device data from the browser will be determined and sent to the issuer along with the transaction data, which may agree to a frictionless process. In this case, the transaction is processed with 3-D Secure, without the customer having to enter his 3-D Secure credentials or to approve the transaction via his banking-app.