In places where people spend money, there is always a risk of running into scammers. The internet is no exception. Rather, on the contrary: there are many more crooks here.
Burnt-out swindlers sitting behind bars find ways to connect to the network to steal money from respectable people. Even schoolchildren who have not been taught to respect the law, using imaginary anonymity, are happy to cheat on the Internet.
Therefore, the security of payments using a bank card in the virtual space must be at a high level. If the users themselves do not provide confidential information to scammers, they will not have a chance.
3D Secure technology is just about that. Payment authorisation is as reliable as possible, and you only need to worry about your own safety in online stores, where the user enters their card details.
The definition of a 3D-Secure
3D Secure – a technology that controls the security of payments made on the Internet. When paying for services or goods online, the user receives an SMS with a unique one-time password to confirm the transaction. 3D Secure is designed to minimise the risk of bank cards and online payment fraud.
3D is three independent domains used for payment authentication:
- Acquirer’s domain (the bank that serves the online store);
- Issuer’s domain (the bank that has issued the card);
- Compatibility domain (the domain of the corresponding payment system).
The technology was developed by Visa and MasterCard. When making an online payment, pay attention to the information about the Verified by Visa / MasterCard SecureCode standards. If the payment page does not support these standards, the service is not considered secure. Ikajo works with all global security protocols and meets the latest international standards in the field of payment protection. Each payment is protected by 3D Secure technology, including:
How does 3D Secure work?
Every time you make a payment / purchase on the Internet, to avoid fraudulent transactions, the mobile phone number associated with the bank card receives an SMS with a one-time password. To confirm the payment, you must enter the password from the SMS in the payment field.
The password from the SMS is only valid for a short period of time. After a few minutes, the system prompts you to request a new password. Important:
Do not tell anyone the password via SMS. Employees of the bank, payment systems, online stores do not have the right to be told the password under any circumstances.
Most bank cards offer the 3D Secure service automatically, but if your card does not have this protection, we recommend that you enable it.
3D Secure 2.0 and 3D Secure 1.0. What is the difference?
Although the 3D secure 1.0 data protection protocol proved to be possible, it required updating as more than 15 years have passed since its release.
The old version was updated to eliminate the existing shortcomings and improve the quality of use.
According to the developers, EMVCo company, the key difference between the versions is a significant improvement in the user experience and a decrease in the likelihood of fraud.
In the previous version, the user received a static password, now the transaction can be authenticated using a token or biometric data.
There will be no more redirects to a third-party resource for online and mobile transactions. You can complete the payment in the same window. Since the protocol supports omnichannel, the user experience is greatly improved.
The most important innovation is the introduction of Frictionless Flow
Frictionless Flow is a system that allows banks to approve transactions without entering data from the cardholder.
All this is possible thanks to the implementation of risk-based authentication.
Risk-Based Authentication (RBA) helps combat fraud by determining the level of risk for each financial transaction and what level of customer authentication is required for each transaction. RBA helps to secure your account not only from hacking, but also other types of online attacks and mobile fraud by matching authentication with a level of risk.
Thanks to Frictionless Flow, cardholders spend 85% less time on online transaction processes.
The cardholder’s bank can use this information to assess the risk level of the transaction and select the appropriate response. If the risk of fraud is below a predetermined threshold, a Frictionless flow is applied. In other words, if the risk of fraud is low enough, then the issuing bank will not ask for additional verification from the cardholder and will assume that the cardholder has authenticated. This eliminates the manual verification step that has always been required from cardholders in 3D Secure 1.
How will 3D Secure affect merchants?
The new protocol will also change the responsibility of online merchants in the event of fraudulent transactions. Issuing banks are responsible for chargebacks, which assess possible risks and authorise transactions.
Even if the merchant has installed the fraud prevention software on their own, do not underestimate the secure measures of issuing banks.
The bottom line
Overall, the second version of the 3DS protocol is a major improvement for everyone involved. It allows merchants to take full advantage of the protocol and provide security across multiple platforms, including mobile applications, with easy integration into their systems. It is also assumed that the number of abandoned carts after the application of 3DS 2.0 will gradually decrease – merchants will see an approximately 70% decrease, and the shopping process will decrease by almost 85%. Issuing banks will be able to exchange more data with merchants, which will enable them to better understand the customer’s payment path, more accurately identify risk, and therefore improve the authentication process. For customers, updates are perhaps the most beneficial. They can now provide secure transactions on more platforms. Transactions will be more secure thanks to the introduction of advanced security methods such as two-factor authentication. And the user experience will be greatly enhanced with seamless protocol flows through risk-based authentication.