

In-App authentication shouldn't be an option, it's a must-have: 3D Secure 2 Expert Interview

3D Secure 2 is a fully PSD2-compliant solution for ensuring online payment security. It is quite a leap compared with the previous version of the protocol. The most notable changes concern mobile and In-App purchasing. We sat down with our product manager for the Trides2 portfolio, Dubravko Kovačić, to talk about the latest 3D Secure version and In-App authentication.


3D Secure 1 was first launched in 2001 by VISA, with the aim of achieving payment security in the online ecosystem. The idea was good, but the execution not so much. Because it was not mandated by card schemes and offered a poor user experience, the whole project resulted in very low adoption by card issuers and acquirers. Moreover, merchants who were willing to adopt 3DS1 suffered losses caused by increased cart abandonment rates. The reason was, again, a bad user experience during online checkout.

In-App Payment Authentication

It was evident that a change was much needed. And that change happened in 2017 when the 3DS2 protocol was published. The primary motivation was to improve the previous version's performance and adapt to the fast-growing mobile commerce market.

1. Hello Dubravko! To kick off our interview, could you share more details on the most notable improvements regarding the shift from 3DS1 to 3DS2? 

Sure. 3D Secure 2 brings us the so-called "frictionless transactions". This means that the cardholder is no longer required to go through all of the authentication steps present in the previous version of 3D Secure technology. Thanks to Risk-Based Authentication, additional authentication steps are eliminated if a transaction is assessed as low-risk. A prerequisite for conducting such risk analysis includes collecting both transaction and cardholder data.

Nowadays, consumers are proficient at online shopping, and there is significant growth when it comes to the use of mobile. Smartphones are a big part of the online shopping ecosystem and demand high levels of online payments security. 3D Secure 2 enables support for full In-App authentication experience during an online purchase. By implementing 3DS Mobile SDK, the cardholder is no longer bothered with suspicious web browser redirects and is able to experience a seamless checkout experience.

2. To my understanding, merchants are also greatly benefiting from the new version of 3D Secure. Can you give us a comparison of the previous mobile authentication flow in regards to the upgraded version?

In fact, the first version of 3D Secure did not support mobile applications at all. When 3DS1 was launched, no such thing as a smartphone app existed. We are talking about 2001. Nowadays, the backdoor is redirection to web browsers at the payment step, followed by another redirection at the 3DS authentication step within the checkout.

Such an authentication flow, containing multiple redirects, disturbs the cardholder for a number of reasons. Firstly, the end-user needs to maneuver between multiple pop-ups, which tends to make the authentication process confusing and difficult to follow, to say the least. Secondly, with the growing online payment fraud awareness, consumers find such flows suspicious and are likely to abandon the purchase altogether.

With 3D Secure 2 and the 3DS Mobile SDK built into the merchant application, the cardholder is able to pass through all of the mentioned authentication steps without leaving the app. This makes for a streamlined In-App authentication process and contributes to an impeccable user experience compared to the first version of the protocol.

3. Sounds like quite a leap, in a good direction of course. Which components are responsible for enabling such frictionless payments?

There are two main benefits for cardholders and merchants when using 3DS Mobile SDK. As mentioned, the first benefit is a smooth and fast checkout process within the mobile application. Tedious redirects between web browser screens are history. Also, when checkout and In-App authentication are initiated, mobile SDK participates in the collection of various transaction, device, and application data (IP address, device ID, geolocation, etc.). This is necessary for conducting a more precise risk analysis mentioned earlier. All of the mentioned factors participate in assessing the risk of a particular transaction. More data means more accuracy. Therefore, issuing banks, who are responsible for risk scoring, can be more confident in granting frictionless authentication.

4. Talk us through the implementation and onboarding process of 3DS2 Mobile SDK. Is the mobile app able to do business as usual, or are there any delays caused during the integration process?

3DS Mobile SDK is in the hands of mobile app developers. Integration of SDK in their mobile applications is their "business as usual". Also, they are able to test the 3DS process using our 3DS test server available to third-party developers and 3DS integrators.

5. Got it. In your opinion, what are the most notable benefits mobile SDK brings, business-wise?

3DS SDK enables a better checkout user experience, which is top of the list when it comes to purchase abandonment reasons. Also, it contributes to a more accurate risk assessment due to the wider set of acquired transaction and device data. More confident risk analysis results in a higher rate of frictionless transactions, again providing a better user experience.

In addition, it is important to mention that 3DS2 generally brought us more advanced authentication methods, including biometrics.

6. SDK sounds like a bundle of perks for both merchants and cardholders. How does Trides2 portfolio fit into this 3D Secure 2 story?

Trides2 portfolio covers all 3D Secure software components needed for all online payments stakeholders. This includes Access Control Server with risk scoring for card issuers, 3DS Server for acquirers and payment service providers, and 3DS SDK for mobile app merchants. We also provide 3DS Test Tool for each of the mentioned components, regardless of independent testing or end-to-end 3D Secure transactions.

ASEE is a pioneer in 3D Secure, dating back to 2004 with 3DS1. This means 17+ years of experience in this area. In the past two years, we have supported 50+ banks, payments processors, and payment gateway providers in migration from 3DS1 to 3DS2, upgrading the authentication methods from signature and SMS OTP to PSD2 compliant methods such as mobile OTP, push notification, and biometrics.

7. I see, Trides2 is truly a one-stop-shop for 3D Secure 2. To finish off, we would like to hear how you view the future of online payments and how 3DS2 fits into that future.

All merchants, especially online merchants, are aware that today's buyers are very demanding. Fast and smooth service is at the top of their priorities. Keep in mind that online buyers are mostly millennials and Gen Z, who are notorious for impatience and wanting everything to be over in just a few clicks. Having said this, In-App authentication will have to rely on efficient risk scoring in order to minimize the buyer's effort. When authentication is truly necessary, it will be based on behavioral authentication and AI analytics, enabling, again, authorization without the buyer's action.

eCommerce Apps Guide: Striking a Balance Between Security and User Experience

As a dedicated guide for eCommerce app owners and merchants, this eBook covers m-commerce security best practices and provides a turnkey solution for in-app payments security.

To find out more about Trides2 portfolio, contact us or visit our blog section.  
