Leveraging 3DS 2.2 solutions for enhanced compliance

Created to help protect credit and debit card payments, 3D Secure (3DS) provides an extra layer of data authentication to yield more secure transactions for merchants and customers.

Understanding 3DS 2.2: A new era in payment security

3D Secure was introduced over 20 years ago to better protect credit and debit card payments. It was created by Arcot Systems, a payment authentication network, and was first adopted by Visa.

What does 3DS stand for? “3D” refers to the three domains needed to verify a transaction: the merchant or acquirer domain, the issuer domain, and the interoperability domain.

Using these three domains helps enhance the authentication process. In the case of fraud or chargebacks, 3D Secure can also shift the responsibility for chargebacks from the merchant to the card issuer or bank.

When 3D secure is enabled at checkout, customers are asked to authenticate their account with the card issuer,such as by entering a passcode provided by their bank or answering a security question.

The transition from 3DS 1.0 to 3DS 2.2 and its significance

The first major update to 3D Secure — 3D Secure 2.0 — didn’t launch until 2016. 3D Secure 2.0 is also known as EMV 3DS because Europay, Mastercard, and Visa (EMV) joined together to create this new standard.

3DS 2.0 brought major changes to the 3DS verification process, especially for mobile users — because 3DS 1.0 was largely created for desktop users before smartphones and mobile payments began to dominate the retail space.

Some of the most significant differences between 3D Secure 1.0 vs. 3D Secure 2.0 include:

• Better mobile experiences. 3DS 1.0 often used intrusive pop-ups and website redirects, which frustrated shoppers and led to cart abandonment. With 3DS 2.0, merchants could use native software development kits (SDKs) to build more streamlined user experiences across mobile devices and apps.
• Frictionless checkout. 3DS 2.0 allows banks to use more data points — beyond just customer passwords — to automatically authenticate transactions, streamlining the checkout process and reducing false declines. They may include email addresses, billing addresses, card network tokens, and biometrics.
• Improved compliance. 3DS 2.0 satisfied Strong Customer Authentication (SCA) requirements set by the Payment Services Directive 2 (PSD2) for the European Economic Area (EEA). Meaning, it helped improve regulatory compliance for EU merchants.

Key enhancements in 3DS 2.2: Elevating the payment experience

3DS 2.2 brings several enhancements to 3D Secure, further streamlining the checkout experience and helping reduce transaction expenses.

To start, 3DS 2.2 offers optimized support for a variety of devices, including mobile devices, PCs, consoles, and even digital televisions, minimizing friction no matter where customers shop. In fact, there are over 230 million connected TV users in the US, according to eMarketer.¹ So it's no surprise that major retailers are experimenting with shoppable TV ads to reach engaged viewers and reduce steps to checkout.²

Advanced risk analysis with enhanced data utilization

3DS 2.2 allows merchants to pass more than 100 data points to card issuers — a significant increase from the eight data points available with 3DS 1.0. This allows issuers to better assess the risk level of each shopper and make more informed decisions in the authorization process.

Aligning with regulatory standards: 3DS 2.2 and SCA compliance

3DS 2.2 remains fully compliant with PSD2 and the SCA requirements in the EEA. This means EEA merchants can continue meeting regulations for online payments as they adopt this new standard and undergo any card network updates.

Developing strategies for exemption and frictionless transactions

Businesses can leverage new 3DS 2.2 features like delegated and decoupled authentication as well as 3DS Requestor Initiated (3RI) to provide a secure checkout experience.

Here's a closer look at how these features can help improve payment security and yield frictionless transactions:

• Delegated and decoupled authentication. Select European merchants can authenticate transactions on a customer’s behalf, such as for recurring subscriptions or split shipments in which a customer cannot immediately complete the authentication process.
• Support for exemptions. Merchants can submit exemptions for certain transactions as outlined by the SCA regulation. This means they can use their own risk analyses to approve transactions and speed up payment processes.
• Expansion of 3RI. Merchants can authenticate shopper information even when the customer isn’t present to enter their payment details, such as for installment payments or buy now, pay later transactions.

Braintree’s pioneering role in 3DS 2.2 integration

As an innovator and pioneer in online payments, Braintree will continue to help merchants streamline customer experiences and drive revenue. To that end, PayPal is expanding its Braintree 3DS 2 offering to support many new 3DS 2.2 features.

Learn more about how Braintree’s payment innovations can help merchants navigate this new era of payment security.

The Braintree 3D Secure Rules Manager: Customization and control

The Braintree 3D Secure Rules Manager allows merchants to tailor 3D Secure to their specific business needs without spending any developer resources. With this tool, merchants can create business-specific rules for when and how 3DS is invoked directly from the Braintree Control Panel. Almost 90% of EU Braintree users say that the platform’s customizable interface and checkout flow have met or exceeded their expectations.³

For example, a merchant may want to protect their business from excessive chargebacks. They can use 3D Secure Rules Manager to apply 3DS on transactions above a certain payment threshold and shift liability to the card issuer. Another merchant might want to reduce cart abandonment and increase conversions. They can use 3D Secure Rules Manager to request exemptions for certain types of payments and skip 3DS when applicable, creating a more frictionless customer experience.

Why Braintree's 3D Secure stands out

PayPal Braintree 3D Secure provides merchants with a range of benefits, including fraud prevention, optimized payments, and enhanced security. In fact, 84% of EU Braintree users agree that the platform offers an advanced approach to data security.⁴

Here's a closer look at the key features of Braintree 3DS 2:

• Ecommerce fraud prevention. 3DS serves as a robust fraud prevention tool, using two-factor authentication and additional data checks to verify transactions.
• Chargeback fraud protection. 3DS authentication transfers the responsibility for chargebacks from merchants to card issuers. Meaning, merchants won’t be liable for funding certain chargebacks.
• Compliance with regulations. Braintree is compliant with the PSD2 mandate and SCA requirements, ensuring issuers meet regulatory standards.

Prepare for the future of 3DS payment processing

The new 3DS 2.2 protocol is set to bring key enhancements to 3DS 2, transforming the online payments space. From improved risk scoring to delegated authentication, these features can help merchants maximize revenue and reduce fraud.

Braintree is rolling out customizable tools to support these features and empower merchants to navigate this new era of ecommerce security.

As you prepare for the future of online payments, consider Braintree’s 3DS 2.2 solution to help streamline compliance and deliver more seamless customer experiences across devices.

Learn more about how PayPal can help you prepare for the future of payment processing.