INFORMATION FOR MERCHANTS ABOUT THE NEW 3D SECURE 2.0 PROTOCOL

The announcement of the new 3D Secure 2.0 process (3DS 2.0) by the EMVCo has unsettled many players in e-commerce in recent months. On this page you will find everything you need to know about the new

procedure and what you have to do to be prepared for the launch of 3D Secure 2.0 on September 14, 2019.


Content

3D Secure and 3D Secure 2.0 at a glance

How does 3D Secure work so far?

The globally standardized 3D Secure Protocol (3DS), which was introduced in 2002, offers merchants and consumers additional security for credit card transactions. With this procedure, online shoppers verify themselves to their card-issuing bank (issuer) as legitimate cardholders. In contrast to a normal credit card payment process on the Internet, 3D Secure requires an additional security code. This makes the misuse of credit cards much more difficult.

 

How does 3D Secure 2.0 differ from the previous method?

 

Essentially, 3D Secure 2.0 is a refinement of the previous 3D Secure protocol. Each credit card order triggers the transfer of up to 100 data points to the issuer; based on these data points, the issuer performs a real-time risk assessment. If a transaction is classified as low-risk, it can be authorized directly and without further interaction by the buyer. However, if fraud is suspected, the buyer is requested to confirm his identity again, for example by SMS or e-mail. The risk assessment takes place in the background and is not perceptible to the buyer. The collection and forwarding of the necessary data takes place both via the merchant's shop backend and via the Payment Service Provider (PSP), which connects 3D Secure 2.0 to the respective shop.

When and why will 3D Secure 2.0 be introduced?

The declared aim of introducing 3D Secure 2.0 is to meet the requirements of Strong Customer Authentication (SCA) and to establish it as the standard for electronic payment procedures from 14 September 2019. On the other hand, the introduction is also intended to reduce the percentage of cancelled purchases: Thanks to the individual, data-based risk assessment, transactions can be cleared directly and without further buyer interaction in approx. 95 percent of all cases - in future, the majority of purchases will therefore take place without entering a 3D Secure Code.

 

What you need to consider:

Option 1: You are a Computop customer and use Computop forms

  • If you use the credit card data forms hosted by Computop in the checkout of your online shop, incoming transactions are automatically processed using the new 3D Secure 2.0 protocol. However, in order for your buyers to enjoy the benefits of the new procedure (no manual 2F authentication), additional data from your shop system must be transferred to our Paygate.
  • Together with your development department, estimate the personnel and financial resources required to collect the necessary data in the shop backend and transferring it to our payment interface.
  • If you want to fully integrate 3DS 2.0, including shop data, by autumn 2019, Computop will be able to support the connection via the Paygate interface without any problems.

Option 2: You are a Computop customer and use the post- or server-to-server method.

  • If you are connected to our Paygate in any other way (e.g. via the direct-post- or server-to-server procedure), please contact us immediately. To ensure that all credit card payments in your shop can be processed without exception, your integration must be adjusted by 14 September. Of course, our technical support will support you with the timely implementation.

Important downloads and resources

German content: bevh-Webinar with Ralf Gladis: "How to save your conversion when two-factor authentication is coming!"

Frequently Asked Questions (FAQ) for Technicians and Integrators

Frequently asked questions (FAQ) for ecommerce managers and decision makers


If you have any questions, our support team will be happy to assist you.

Kontakt Support UK

 

Fon: +49 (0)951 98009-39
helpdesk(at)computop.com

Changelog

13.06.2019
  • Downloads: Added "Legal information regarding GPDR" to "Important Downloads"
  • Content: FAQ about COF/COF-Flows removed; here we are working on a new, more convenient solution
  • Content: RSS feed added; you can now subscribe to the changes on this page via RSS
  • Content: bevh-Webinar with Ralf Gladis added to "Important Downloads and Resources" (german content)
20.05.2019
  • Content: New category "Changelog" added
  • Content: Clarification of content in the area "What you need to consider".
  • Content: Two new FAQs for technicians and integrators on CredentialOnFile (COF)
  • Content: FAQ for technicians about Account Verification (AccVerify) revised
  • Content: Three new FAQs for ecommerce managers and decision makers
  • Downloads: New version of technical documentation available (version date: 20.05.2019); changes: New content regarding Authenticaion-only was added, different status values were adjusted and the parameter MsgVer was introduced.