Digitalization has simplified many aspects of our day-to-day lives: communicating, banking, traveling, organizing, shopping. However, as our lives have gotten easier, it has also become easier for cyber criminals to gain access to our personal data and sensitive information. As we conduct more and more business and transactions using our computers and mobile devices, there are more streams of data in transit. Protecting the transfer of this data is pivotal for guaranteeing not just the ease of our online activities, but also their security.
Digital payments are an especially easy target for fraud. Back in the 20th century, when we made analog purchases in shops or at specific locations, there was already a rudimentary two-factor authentication in place: the merchant (salesperson) used something we had (our credit card) and something we are (our signature) to verify our identity and ultimately authenticate a payment. When shopping moved online, there was no longer a 2FA verification process. Anyone with our credit card number could use it to make a purchase. It was this risk that gave birth to 3-D Secure: a method for safeguarding online payments by creating a new second authentication factor, a unique PIN or code number.
The mechanics of online payments with 3-D Secure
There are plenty of ways to make purchases online: gift certificates, direct bank transfers, even Bitcoin. However, the most common form of payment remains the credit card. And even when transactions are processed through payment providers (like PayPal or Stripe), credit card companies carry the brunt of the financial responsibility for security gone wrong. This was the primary impetus for credit card companies to develop an added layer of security for online payments.
Here’s how it works:
- You, the customer, make an online purchase and provide the merchant (e.g. Amazon) with your payment information or scheme (credit card, PayPal account, etc.).
- The acquirer, in this case the merchant’s bank or entity authorizing transactions, requests the transaction from the scheme.
- The scheme contacts the issuer (the bank that issued the customer's credit card) to approve the payment.
- Now it’s time for 3-D Secure! At this point, the customer is redirected to the issuer’s website to provide an additional security code: a (static, reusable) password or (dynamic, single-use) SMS verification code.
- Once the customer has been verified, the issuer approves payment if the customer has sufficient available funds.
With 3-D Secure, customers can be sure that their credit card information is not being used to make unauthorized purchases, and merchants and credit card companies can forgo the time-consuming and economic burden of fraudulent purchases. Creating a safer environment for online shopping is a win-win for everyone involved.
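The difference between the static, reusable password and the dynamic, single-use code in step four, shown as an added example that is not part of the original article: a sketch of how an issuer could issue and check a one-time code so that a captured code cannot be replayed. The class name, the five-minute lifetime and the three-attempt limit are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumption: a code expires after five minutes
MAX_ATTEMPTS = 3         # assumption: guesses allowed per challenge


class IssuerChallenges:
    """Hypothetical issuer-side store of single-use payment challenges."""

    def __init__(self, clock=time.time):
        self._clock = clock
        # transaction_id -> [code_digest, expires_at, attempts_left]
        self._pending = {}

    @staticmethod
    def _digest(transaction_id, code):
        # Bind the code to one transaction so it is useless for any other.
        return hashlib.sha256(f"{transaction_id}:{code}".encode()).digest()

    def start(self, transaction_id):
        """Create the code the issuer would send to the customer by SMS."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[transaction_id] = [
            self._digest(transaction_id, code),
            self._clock() + CODE_TTL_SECONDS,
            MAX_ATTEMPTS,
        ]
        return code

    def verify(self, transaction_id, code):
        """Return True once per challenge, for the right code, before expiry."""
        entry = self._pending.get(transaction_id)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[transaction_id]  # expired or locked out
            return False
        entry[2] -= 1
        # Constant-time comparison avoids leaking how much of the code matched.
        if hmac.compare_digest(digest, self._digest(transaction_id, code)):
            del self._pending[transaction_id]  # single use: consume on success
            return True
        return False
```

A static password has none of these properties: it stays valid across transactions, so anyone who observes it once can reuse it.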
3-D Secure 2.0: easier and safer
3-D Secure offered the essential added layer of security that was missing from online shopping. However, what it failed to provide was the same degree of ease. Transfer errors that disrupted transactions and forgotten passwords led to frustrated customers and lost sales. It was in the best interest of credit card companies to resolve these issues. When the ECB introduced upgraded regulations for enhanced authentication processes in 2019, credit card companies responded with 3-D Secure 2.0, an easy AND safe way to perform online transactions.
The primary difference between 3-D Secure and 3-D Secure 2.0 is the second authentication factor. Rather than relying on a password (which users have to always keep in mind) or an SMS (which comes with added costs) and the cumbersome process of redirecting transactions, 3-D Secure 2.0 lets the issuer perform the authentication process using 2FA on the website or app where the purchase is being made. And thanks to advancements in our digital devices, this second factor can be a biometric factor such as facial recognition or fingerprint scanning.
So how does the process change? Let’s look at step four of the payment process above to see:
- Now it’s time for 3-D Secure 2.0! At this point, the customer is prompted with a push notification or pop-up to provide an additional authentication factor: a fingerprint, a facial scan, or a PIN code.
That’s it! 🙌
Furthermore, 3-D Secure 2.0 allows for an exchange of rich data (e.g. geolocation, previous purchases, device being used) between the merchant and issuer. This reduces the issuer's risk of fraudulent usage and increases the likelihood of the payment being authorized.
Convenience and security as a service
Nowadays, with the plethora of similar services and products on the market, the best way for companies to distinguish themselves from the competition is by creating a seamless, enjoyable, and safe customer experience. By eliminating as many potential obstacles and security vulnerabilities as possible, companies can offer a comfortable and safe online shopping environment. This is not only in the best interest of customers, it’s also essential for sustaining growth and longevity in a competitive market.