EMV®3DS 2.1 to stay in the past; 3DS 2.2. brings more secure online payments

The 3-D Secure (3DS) 2.1 protocol, used to be the backbone in the fight against e-commerce fraud prevention for years. Soon is out of the game. This marks a crucial transition in the payments industry, driven by the need for enhanced security, improved user experience, and regulatory compliance.

As we approach October 2024, a significant shift is occurring in online payment security. The 3-D Secure (3DS) 2.1 protocol, which used to be the backbone and the main tool in the fight against e-commerce fraud prevention for years, will soon be out of the game. This sunset marks a crucial transition in the payments industry, driven by the need for enhanced security, improved user experience, and regulatory compliance.

3-D Secure has been at the forefront of securing e-commerce transactions for over two decades. The protocol has undergone several updates, each addressing the evolving needs of the digital payment landscape.

According to Statista, mobile devices are central to online shopping, with smartphones accounting for 66% of online orders. Google reports that 80% of consumers worldwide visit a retailer’s website from their smartphone while shopping in-store, and eMarketer states that mobile commerce is expected to account for 42.9% of e-commerce sales in 2024.

The transition from 3DS 2.1 to 2.2 represents a significant leap forward. It focuses on what is to come, which is the increase in mobile payments and the need for enhanced user-friendliness.

3DS 2.2 offers enhanced capabilities, including better support for mobile transactions and improved risk assessment, through Risk-Based Authentication (RBA) for transaction risk analysis and strong customer authentication.

The new version aligns more closely with regulations like PSD2, particularly in supporting strong customer authentication (SCA) exemptions through specific flags and challenge indicators. It allows for more flexible authentication processes, often enabling merchant-side authentication.
Such is the case with recurring TV subscriptions or supporting merchant-initiated transactions through improved 3RI (3DS Requestor Initiated) transaction capabilities.

Equally significant is the support for decoupled authentication, which allows transactions to proceed even when the consumer isn’t immediately available to authenticate. This is useful for scenarios like split shipments or recurring transactions, adding a new layer of convenience to the online shopping experience while maintaining robust security measures.

As a consequence of all this, 3DS 2.2 reduces friction in the payment process and increases merchant conversion rates. It has been extended to ensure smoother payment processing and to positively impact the overall customer experience.

Finally, it aims to better align with innovative technologies in the payments industry and bring progress in e-commerce.

As the sunset date approaches, it’s crucial for all stakeholders in the payment ecosystem to prepare.

Merchants should upgrade their payment systems to support 3DS 2.2, ensuring compatibility with the new protocol.

Issuers need to implement 3DS 2.2 on their authentication servers and update their mobile banking apps to support new authentication methods.

Payment Service Providers must update their platforms to facilitate 3DS 2.2 transactions and guide merchants.

The sunset of 3DS 2.1 is welcomed, leading to a more robust, user-friendly, and adaptable 3DS 2.2 protocol. This transition represents the payment industry’s commitment to staying ahead of fraudsters while providing seamless experiences for consumers.

As October 2024 approaches, all players in the e-commerce ecosystem must act proactively to prepare for 3DS 2.2 advantages. By doing so, they comply with industry mandates and position themselves at the forefront of secure and frictionless online payments.

Major card networks, including Mastercard and Visa, are driving the adoption of 3DS 2.2 through various mandates. For instance, Visa has mandated card issuers to use 3DS 2.2 from 14 September 2024. These mandates ensure widespread adoption of the new protocol across the payments ecosystem.

Explore our secure digital payment solutions and contact us for a smooth transition to frictionless online transactions.