26 Sep, 2019

3D Secure; what is it and why should you care?

What is 3D secure?

Originally launched by VISA way back in 2001, 3D secure is the system that the majority of card providers use to try and protect both customers and retailers when an online transaction takes place.

So how does it work?

When a customer tries to buy something on an ecommerce site that is using 3D secure, they will be redirected to their card provider’s website, before their transaction is actually processed, in order to confirm that they are who they say they are.

This confirmation is achieved when the customer correctly submits either a password or an authentication code on their card provider’s website. Once this information is accepted by the card provider, the transaction is then processed and the customer is redirected back to the retailer’s website.

Now, fast forward a few (nearly 18) years and we have the arrival of 3D Secure 2.0. This new version of the system is focused on delivering a better user experience, bringing the system inline with other developments in the digital industry, using enriched data to authenticate transactions in the background and enabling authentication to happen on any device, including IoT devices.

But, why should you care?

If you cast your mind back to January of 2018, you may remember that the new EU Payment Services Directive also known as PSD2 took effect. PSD2 is a follow up to the original Payment Services Directive (PSD) and it is aimed at introducing extra security authentications for online purchases and trying to reduce fraud.

These extra security authentications or Strong Customer Authentication (SCA) requirements to give it the official title, mean that from March 2021, all ecommerce transactions will need to be processed using a secure industry protocol call like 3D secure 2.0.

What should you do now?

Originally the need for strong customer authentication was due to come into force on the 14th September this year (2019) but now the Financial Conduct Authority (FCA) have announced an 18-month extension giving businesses up until March 2021 to get compliant with PSD2.

Our advice is to get compliant sooner rather than later too, not least because if you miss the March deadline, you could end up seeing payments declined and that’s bad news for your customers and even worse news for your business.

On top of that, the introduction of 3D Secure 2.0 as a way of meeting the SCA requirements could impact your checkout process, so you may need to think about how this works, especially if your business stores card information and charges them later.
It’s not all red tape and bad news though, in most cases, a 3D Secure can easily be incorporated into your existing checkout process and several of the big payment gateway providers such as SagePay and Stripe are already doing their bit to help.

Fair warning, if you’re not compliant with the new initiative there will be consequences as your transactions may not be processed, so if you need help, let’s talk it through over a brew and a few biscuits.