3D Secure was first introduced in 2000 as a technical standard to protect consumers and merchants from payment fraud with a layer of security for all online payments. As cybercrime evolved, however, so too did the availability and sophistication of technology for mitigating the risk of fraud.
Version 2.0, introduced in 2016, made provision for more contextual data to be sent to the issuer, resulting in a far less intrusive version of the specification and an overall better checkout experience.
Now, as the payments industry continues to advocate for safer, more frictionless authentication of e-commerce payments, days are numbered for the protocol’s earliest rendering. All major card networks will finally sunset the use of the 3D Secure 1 and only support EMV 3D Secure 2.1 or higher.
Here are all the important sunset dates to keep in mind:
- October 14, 2022: American Express will terminate SafeKey 1.0 worldwide, except in India. All Secure payments will be processed through the EMV 3DS 2.x flow.
- October 15, 2022: Visa will stop supporting 3D Secure 1.
- October 18, 2022: Mastercard will decommission 3D Secure 1.
- October 13, 2023: American Express will terminate SafeKey 1.0 in India.
Merchants most affected by 3D Secure 1 sunsetting
If they’ve not yet done so, it’s critical that merchants switch over to EMV 3D Secure as soon as possible. After October 15th, they will no longer be able to run transactions using 3D Secure 1 and any authentication requests submitted using the old capability will fail.
This, in turn, will put the full liability of the transaction on the merchant themselves if any fraud occurs.
The good news is that it shouldn’t be difficult for merchants to migrate to 3D Secure 2. For merchants in South Africa, for example, payment service providers (PSPs) are facilitating this upgrade. Most other merchants should be able to follow this same route with their PSPs.
Implications for card issuers
Issuing banks are also affected, albeit slightly differently. They need to ensure that their 3D Secure access control servers (ACS) are compatible with EMV 3D Secure (3D Secure 2) to avoid non-compliance scenarios.
A great ACS should always ensure issuers are at the forefront of both security and compliance while enabling them to reap the benefits of a frictionless checkout experience for their customers. Good experiences reduce cart abandonment rates, in turn increasing transaction success and, of course, revenue.
Only a handful of ACS vendors provide all this, and Entersekt is one of them.
Entersekt’s 3D Secure ACS: beyond compliance
At Entersekt, our world-class payment authentication solutions are designed to meet modern payment needs, and our 3D Secure ACS is no different.
Yes, we ensure our ACS is always 100% up to date and compliant with EMVCo requirements, but it’s so much more than that.
It is quick to deploy, meaning fast time to market, and offers authentication speeds of up to 10 times faster than SMS OTPs.
Because our solution can match the look and feel of issuing banks’ interfaces, customers are already familiar with the UX and UI when they’re being authenticated, helping to build trust, reduce friction at checkout, and increase the likelihood of transaction success.
In fact, while the European average authentication success rate is currently at 76%, our 3D Secure customers achieve success rates of over 85%.
What’s more, while the majority of vendors still view authentication as one-size-fits-all, Entersekt offers more control and configurability over user journeys. Our partnership with NuData Security enables our ACS to generate separate risk profiles and authentication experiences for each cardholder. In most cases, the process can even happen silently for the cardholder, with a step-up action only required when risk is detected.
Learn more in our 3D Secure ebook, or get in touch to explore the game-changing benefits of our 3D Secure ACS!