Menu

3D Secure 2.0 – New Improved Security Process for Merchants

Monday, 07 Mar, 2022

Today, each online merchant knows that secure online payments are necessary for effective ecommerce businesses. For the purpose of further improving the security, new methods of card authentication and user authentication under the European Payment Directive PSD2 have become essential than ever.

Often significant changes also bring a lot of questions for merchants. However, at PayCEC, we make sure that you will get all the support you need with this new improved security process.

What is 3d secure 2.0 What is 3d secure 2.0?

What is 3D Secure 2.0?

3D Secure 2 (3DS2) is a multi-level protection system provided by leading credit card organizations Visa, Mastercard, Amex, and JCB. This new platform is launched to comply with the legal structure of Directive 2 regarding European Payment Services (PSD2). The key goals here are to make online credit card transactions as safe as possible and to improve the conversion rate relative to existing 3DS implementations.

Haven't 3D Secure been around for a long time?

Yes. 3D Secure 2 guarantees that the user is actually the owner of the credit card as with the first generation. Nonetheless, the second generation brings with it some significant improvements: these include a new path to higher security level across a wider range of data, biometric authentication, and improved online experience, especially on smartphones. Additionally, the PSD2 also calls for a Strong Customer Authentication (SCA) and 3DS2 is the leading credit card company's reaction to this.

Differences between 3DS1 and 3DS2 (Source: Kilian Thalhammer / Wirecard) Differences between 3DS1 and 3DS2 (Source: Kilian Thalhammer / Wirecard)

Definition of Strong Customer Authentication (SCA)

Strong Customer Authentication (SCA) is a new standard for PSD2. In the past, customers may just need to enter their card number and the CVC. However, under the PSD2 regulations, details from two separate sources (also known as factors) would be needed to initiate payments. 3D Secure is a common security standard designed to avoid fraud in online credit and debit card transactions that will be used to apply SCA in all card payments.

When using 3DS1 in the past, online shoppers are required to set up a static password. Nevertheless, in the future, the issuers must ensure that authentication contains at least two of the following:

Definition of Strong Customer Authentication (SCA) Definition of Strong Customer Authentication (SCA)

Does 3d secure 2.0 have any impact on all payment methods?

Actually not. Just online payments from credit or debit cards and wallets are affected.

Related: What is PCI DSS?

How can PayCEC support merchants and online merchants?

At PayCEC secure payment system, we are updating our payment pages and developing new payment APIs that can enable excellent customer authentication. We also use the latest 3DS2 standard in our APIs and payment pages in order to reduce implementation changes for merchants.

We encourage the improvements of PDS2 since they allow European merchants to promote competition and thus innovation amongst financial institutions. In particular, PSD2 improves long-term payment protection, of which 3DS2 is a significant component and also enhances the widespread practical use of future-oriented technologies such as biometric payments.

There are many benefits for merchants compared to 3DS1 – here are the most important ones:

  • Higher conversion rates due to higher customer experience: Static passwords would be forbidden. In certain circumstances, transactions would be authenticated on the basis of historical and transactional data accessible to the issuer without the involvement of the cardholder. After a familiarization stage, the conversion rate will increase in the medium term as cardholders experience a frictionless flow.
  • Higher revenue due to improved acceptance rates: Thanks to the widespread implementation of 3D Secure, issuers would be able to accept more e-commerce payments than they had in the past. The general assumption is that the approval rates for such transactions will be as high as those for face-to-face companies.
  • Less fraud due to strong biometric authentication: The reason for the new standard is to encourage the data transfer between the merchant, the cardholder, the issuer of the bank (who receives the payment and then sends the amount to the merchant, minus the relevant fees) and the issuing bank (who verifies the transaction and, where credit is available, sends the authorization to the card network) in order to determine the risk of the payment. If the issuer wishes to challenge the transaction, the authentication can take place with TAN via SMS or automatically with biometric data.
  • Support in different devices: The new networking standard also offers a basis for digital authentication in order to make the process possible on a broader range of devices. 3D Secure payments can be run on mobile and other connected electronic devices in both application and browser-based solutions.

What are the special cases where SCA does not need to be used?

What are the special cases where SCA does not need to be used? (Source: Kilian Thalhammer / Wirecard)

What are the timelines for 3D Secure 2.0 (3DS2)?

PSD2 and SCA tend to make strong customer authentication compulsory in Europe, paving the way for the introduction of 3D Secure 2.0

By 2020 onwards, 3DS 2 is supposed to be launched globally. You will also be able to participate in a safer and more stable business with non-European Economic Area (EEA) customers, like all EU countries plus Norway, Iceland, and Liechtenstein.

If you have any questions, please contact us by email or regular mail at the following address:

PayCEC - Payment Center for Entrepreneurial Community

Read more:

Frequently Asked Questions

While in most cases the transaction will go through without issue, you will sometimes see the error message “3D validation failed”. This means that the cardholder did not enter their details correctly.

What does it mean if a payment is declined because of 3d-secure: Authentication failed? When this error message is displayed, it means that the shopper has failed to authenticate (probably entered the wrong password/code).

If the error remains, please contact your credit card issuer – which is usually a bank – for additional information.

Contact PayCEC for help.

Aside from 3D Secure online card payment, there are other safe ways to pay for ecommerce or online business transactions.

  • Paypal is an electronic wallet.
  • Apple Pay is compatible with Android Pay.
  • Samsung Pay is a service provided by Samsung.
  • Payments in crypto currencies
  • Internet banking in SEPA

The secure payment gateway provides payment services with a high standard of protection in online business. This system carries out transactions and verifies, accepts or declines payments transactions on behalf of a merchant. 

Most secure payment gateways can do this in a matter of seconds by following these steps:

Encryption: A secure payment gateway will encrypt (encode for private use) data for exclusive usage between the seller and the buyer - between the user's browser and the retailer's server.

Request: When a payment processor receives approval from a credit card company or financial institution to proceed with a transaction, it is known as an authorization request.

Fulfillment: Once the payment gateway has received authorization, the website and user interface can move on to the next step.

Payment gateways should ensure that merchants always get paid when a purchase is made, reducing the risk of fraud and credit risk.

The EU Revised Directive on Payment Services (PSD2) requires payment service providers in the European Economic Area to use strong customer authentication (SCA). To strengthen the security of electronic payments, the requirement requires that they be made with multi-factor authentication.

The European Banking Authority issued a statement on what approaches might be considered "components" of SCA. Secure in three dimensions SCA standards can (but are not usually) be met by 2.0. Mastercard (Mastercard Identity Check) and Visa have implemented 3-D Secure, which are marketed as facilitating SCA compliance.

To support authentication, e-commerce firms must alter their payment procedures on their websites and apps. Many payments will be refused once SCA is fully implemented if authentication is not supported.

Physical card transactions in the EU currently have what is known as "strong customer authentication" (Chip and PIN), but this was not the case for Internet transactions in the EU previous to the requirement's adoption, and many contactless card purchases do not employ a second authentication element.

3D Secure 2.0 is a secure online payment protocol that requires online buyers to go through Strong Customer Authentication (SCA) in order to complete a transaction, reducing fraud risk and protecting credit card information.

Apart from complying with PSD2's Strong Customer Authentication (SCA) requirements, the new 3DS 2.0 protocol has a number of advantages, particularly in terms of mobile payments. By being completely interoperable with mobile wallet applications and in-app transactions, the new design significantly improves the user experience on mobile devices.

How does 3-D Secure 2.0 work?

3-D Secure has been available for a long time, and it establishes an authentication data connection between digital retailers, payment networks, and financial institutions in order to analyze and share transaction data. The new 2.0 version of the technology allows merchants to submit an unprecedented number of transaction attributes to the issuer, which the issuer may use to verify customers more correctly without having to ask for a static password or slowing down commerce.

If you're experiencing problems making a payment, it could be because of a 3D Secure authentication failure or issue. 3D Secure is a layer of protection mandated by your bank, in which you must provide a password or an SMS code to authorize payment. There are issues with 3D Secure that might cause debit and credit card transactions to fail

  1. You currently have a pop-up blocker installed, which prevents you from accessing the supplementary 3D Secure page. Please disable your pop-up blocker for a few minutes before proceeding with your payment
  2. Your bank is currently not enrolled in the 3D Secure verification programme
  3. You could be in another country when your bank sends you a netcode SMS. You will not receive this SMS if you do not use the same phone number. If this is the case, please contact us and we will take care of it as soon as possible

Beside online card payment with 3D Secure, there are more safe ways to pay online for ecommerce or online business transactions. 

  • Paypal ewallet
  • Apple pay
  • Android pay
  • Samsung pay
  • Crypto currencies payment
  • Internet banking transfer with IBAN

This is a one-time use code generated by Secure technology from card issuers for card holders' increased security when it comes to online payments. By submitting the code at checkout, this 3D Secure method adds another layer of security to the cardholder's identification. It is frequently transmitted to the user's cell phone via SMS.

In some cases, if users pay with a smartphone, they can use other types of biometric customer authentication such as face ID, fingerprint ID or even voice ID. These technologies will be applied differently depending on the payment providers.

3D Secure™ - Three Domains Secure

3-D Secure is a protocol designed to be an additional security layer for online credit and debit card transactions. The name refers to the "three domains" which interact using the protocol: the merchant/acquirer domain, the issuer domain, and the interoperability domain.

The 3D Secure service is used in many card issuers like Visa, Mastercard, American Express, Discover or JCB, etc.

Card issuer brand 3D secure code brand
Visa Verified by Visa
Mastercard Mastercard Secure code
Discover ProtectBuy
American Express American Express SafeKey
JCB International
J/Secure

Learn more.

3D Secure Authentication reduces the risk of fraudulent transactions and decreases the number of disputed transactions by strict management systems involving 3 Domain Server from:

  • The merchant who provides goods or services.
  • The acquiring bank serving merchant.
  • And the issuer of the credit card.

It is the most innovative fraud prevention method available in the world of online business due to the ability to give extra protection to transactions and therefore boosts consumer confidence, which results in increased sales.

Read more:

3D Secure not only reduces the risk of fraudulent transactions, but it also mitigates the chance of disputed transactions. As a result of the added layer of protection, the number of rejected transactions is reduced, making payments much safer.

Learn more.

To enable 3D secure payment, your website should use a 3D secure payment gateway to integrate into systems and payment settlement. PayCEC is a 3D Secure payment provider that can help merchants activate 3D secure payment in different card payment methods with Visa verification, Master secure code and Amex safekey. Customers are protected by an extra layer of verification such as OTP or biometric authentication or private key.

PayCEC provides 3D payment gateway services for merchants to integrate the checkout platform into their websites to facilitate online card payments. Below steps help you understand the overview of a 3D secure payment process.

  • Step 1: The shopper chooses an item, and adds it to his/her online shopping cart.
  • Step 2: Customer places an order on merchant’s website by clicking the “Proceed checkout” or equivalent button.
  • Step 3: Website redirects to Checkout page of PayCEC and the customer is required to input payment information.
  • Step 4: OTP process - There is an OTP sent to the shopper's mobile phone and the shopper has to input the one-time-password to enable the transaction.
  • Step 5: The merchant submits the order to PayCEC 3D secure payment gateway.
  • Step 6: The PayCEC payment platform securely sends the transaction to the processor.
  • Step 7: The processor verifies and approves the transaction, and routes the transaction to the card association (Visa / Mastercard / American Express).
  • Step 8: The Card Scheme screens and forwards the transaction details to the customer’s bank, which is known as the issuing bank for approval.
  • Step 9: Approval/Denial is sent back to the Card association and processor and PayCEC payment gateway respectively.
  • Step 10: The merchant receives the message “Transaction Approved”, and the fund is deducted from the customer's bank and settled into the merchant’s bank account.
  • Step 11: The merchant gets paid for the sold item, and the shopper has got his/her purchase.

Learn more

Turn off 3D Secure:

No, You can't turn off 3D security. Since European legislation requires the implementation of strong authentication and since 3D Secure is the common standard, it will not be possible to disable this security standard. Please note that 3D Secure gives you an additional layer of security if your card is lost or stolen.

No, 3D Secure doesn't prevent chargebacks, but having it will reduce the number of disputed transactions. You can learn more about the benefits of 3D secure payment as below:

Disadvantages of 2D secure payment gateway and Why merchants should choose 3D secure counterpart

2D and 3D payment gateway are both virtual POSs (Point-Of-Sales), but the way they accept online card payments reflects their pros and cons. Here are some drawbacks when it comes to 2D secure payment gateway operation.

Cost for integration and maintenance fees are similar to 3D secure payment gateway.

It is easy to cause chargebacks, refunds or disputes due to lack of SCA (Strong Customer Authentication).

Negatively impact on revenue due to unsafe payment processing which customers are afraid of in the checkout step.

Reduce the reputation of merchants due to lack of fraud prevention mode.

As the above reasons, merchants should integrate 3D Secure payment gateway in order to enable acquiring online payments with FREE Setup fee from PayCEC and instant customer service support apart from email like 24/7 hotline, live chat on merchant account login, live chat on website, personal Relationship Manager contacts.

When businesses scale up globally, the 3D secure payment gateway is a compulsory factor to persuade international customers to make purchases. It is essential because international transactions itself contain a hidden risk rate. Not only the risk affects online shoppers but also merchants too. The 3D secure Payment gateway plays as a first line of defense against cyber crime in the financial and payment sector.

Dealing with chargebacks, refunds and disputes cost business handling time as well as operation cost while having no revenue on these issues. Due to the lack of SCA, payment problems easily occur and businesses would waste significant time on processing and it affects new customers acquisition.

At PayCEC, our team supports online SMEs and Startups integrate 3D payment gateway into their website to accept local and international online payments. We know that starting everything at the beginning is a tough time, and businesses need more support. That is why we help you with FREE integration setup fee and reasonable maintenance fee. On the other hand, SMEs still do not focus on specialization due to the shortage of resources, PayCEC team has a dedicated technical team who will guide you on every single step and care all the way you go.

Whether merchants integrate 2D and 3D payment gateway, they all help online businesses approach more clients on ecommerce. However, the ecommerce environment may have some gaps for fraudsters to attack online customers and even merchants. The more strong fraud prevention solution the payment gateway offers for merchants, the better trust and loyalty merchants earn from customers.

The primary advantage of 3D Secure protocol is that online shoppers are protected every time they go shopping online. They can control the purchases that they make online and confirm instantly. If a suspicious payment occurs, customers also receive OTP to their mobile phone or other mobile devices. By reporting the unauthorized transaction and not providing OTP, online shoppers are safe from financial crime attacks.

For merchants, the 3D payment gateway helps their business losses in terms of charge back policy. While an unauthorized transaction is prevented from proceeding thanks to 3D Secure Strong Customer Authentication, merchants can avoid selling products or services to non-liable buyers. As a result, return and refund will be under control and online businesses benefit most from this security operation.

Learn more

PayCEC understands the risk of being a fraud, that the reason why we provide a wide range of protection.

PayCEC payment gateway not only applies the 3D Secure and Payment Card Industry Data Security Standard (PCI DSS) but also provides real time risk management policy to protect our Merchants.

Read more:

3D Secure Code and Verified by Visa is a new security feature to protect your credit card against any unauthorized usage when you perform online transactions via the internet.

Read more:

The Media

Finextra One IBC Yahoo Finance
About us

who we are

about us

We are honored to serve as your reliable business partner and financial service provider in the industry and other business-related services. With the help of our professional staff, to help merchants to achieve their goals for the development and expansion of the international business market.

Our payment flow has developed in the e-commerce world to perform seamlessly and effectively across all platforms and devices. We take pleasure in combining technology with customer service, to solve your concerns at the moment.

PayCEC is a fully worldwide payment network that not only allows merchants to be paid immediately and securely, but also allows them to withdraw money in multiple currencies to their company accounts.

We will contact you shortly.

Email Phone
Scroll top