3DS2.0 New Cross-border Payment Experience


With the continuous increase of outbound tourists and the rapid growth of cross-border e-commerce, overseas shopping and payment have become more common, and online transactions with credit cards have grown (as shown below), together with growing credit card fraud activities. In 2019, an advanced credit card transaction authentication system based on big data technology, 3-DomainSecure 2.0 (3DS 2.0 for short), was launched. Cardholders can know immediately when the transaction behavior is abnormal, spare the trouble of authentication, having a more friendly payment experience.


Credit card is the most convenient choice for overseas online shopping. The payment used to require OTP (one-time password) authentication. However, with the 3DS 2.0 advanced authentication, the system determines the authenticity through big data, which saves the trouble to enter OTP password. For example, check whether the transaction is made in a new place, or whether the transaction is made on a new device, help customers complete the transaction quickly and safely without entering passwords; in the future, biometric verification will be used for better balance of convenience and security.


In October 2016, EMV Co. officially announced the specifications of 3DS 2.0. International organizations like Visa, MasterCard, JCB, AE, and DISCOVER have adopted the 3DS 2.0 standard formulated by EMV. UnionPay International also joined EMV Co. to promote 3DS 2.0 online transaction of UnionPay card.
International credit card organizations VISA and Mastercard have standardized 3DS 2.0 advanced authentication mechanisms for global banks since 2018, replacing the 3DS 1.0 standard that has been in practice for more than 15 years. Liability shift takes effect in April 2019, and issuing banks required to enable 3DS2.0 in 2020.


Compared with 3DS 1.0, the new 3DS 2.0 is not just a simple update version, but an overall upgrade of the existing 3D certification system. 3DS 2.0 has improved greatly in usability, security, and customer experience, mainly in the following three aspects:

1. Identifying transaction risk with more diversified data for safe transaction
3DS 2.0 uses various data (such as device feature number, biometric characteristics, location data, etc.) and more complex algorithms for the security of transactions, thereby assisting issuers to make more accurate transaction risk decisions. The risk assessment method of 3DS 2.0 is more effective than 1.0 version, but requires the whole payment ecosystem (card organization, issuing bank, merchant, acquiring bank, and cross-border payment service provider) make changes to adapt to the new system. At the same time, EMVCo has made frequent update of old versions, with versions 2.1, 2.2 and 2.3 about to come out.

2. Optimized 3D authentication process for better customer payment experience
In the 3DS 1.0 era, consumers often have problems with two-factor authentication: unable to receive SMS verification code, not redirected back to the store page, security script blocked by popup blocker, or the non-responsive layout page developed by issuer cannot be automatically adapted to smartphone. These problems have troubled consumers and directly led to a decline in the rate of successful payment.

3DS 2.0 supports better data interaction between merchants and issuers. Compared with the mandatory redirection for authentication under 1.0, 3DS 2.0 allows for uninterrupted authentication process by completing the authentication without being redirected to another page. It is expected that, with upgrade of 3DS 2.0, cardholders can complete the payment with fewer authentication steps in about 95% of transactions.

In case of high-risk transactions, 3DS 2.0 still requires consumers to provide more information for authentication. Apart from PC browser, 3DS2.0 adds new software development kit (SDK) to support IOS/Android platforms, which provides different interface services for diverse terminals (especially mobile phones, tablets, etc.). On the other hand, its customized authentication page also makes for better payment experience.

3. Higher rate of successful payment with 3D authentication
3DS 2.0 uses a more accurate risk assessment mechanism, provides a more user-friendly experience and optimizes the data interaction process to shorten the authentication response time, so it is foreseeable that with the upgrade of new version, the rate of unsuccessful payment will be greatly reduced compared with version 1.0. In addition, the proportion of cardholders refusing to pay will be reduced and merchants can enjoy liability shift.

Difference between 3DS 2.0 and 3DS 1.0

Version 1.0 2.0
Compatible with PC browser PC browser
Mobile phone browser
App
Risk N/A Yes: RBA
Authentication process Challenge Flow Frictionless Flow
Challenge Flow
OOB Flow
Authentication method Dynamic OTP
Static password
OTP
Third party App
Fingerprint identification
Face identification
Information processing Poor: repeated redirection Good

HiTURST is the leading EMV 3DS solution provider in China. Almost all issuing and acquiring banks in China use HiTRUST 3DS 2.0 system construction and consulting services. Former VISA General Manager, HiTURST Director Mr. Chen Junren said: EMV 3DS not only provides protection for credit card transaction, but the underlying big data can be used as an important resource for banks and merchants to know your customer. HiTRUST will introduce artificial intelligence (AI) calculation tools to dynamically analyze big data and apply it to various scenarios of banks and merchants to reduce risks and operating costs. At the same time, it meets users’ personalized financial service needs. For example: redeem reward points for smart risk control, smart financial product recommendation, insurance products, microcredit, smart marketing, etc. It provides the most powerful risk management tool for cross-marketing between banks and merchants.

For more information about EMV 3DS product and service, go to www.hitrust.com.cn.