What is 3-D Secure?
Whether you call it 3-D Secure, 3 Domain Security, 3D Secure, 3DS v2, or EMV 3DS, it is all about making online payments easier and safer.
EMVCo® is the payment industry’s global standards body responsible for securing payments; both in-person using the widely recognized chipcard and online using 3-D Secure, or now called EMV 3DS®.
3-D Secure adds authentication of the cardholder to the transaction process to make the payment safer and more reliable. When using a 3-D Secure checkout, a merchant is not liable if the transaction is fraudulent.
EMV 3DS v2 significantly improves the customer experience and reduces both fraud and false declines because 3DS v2 collects 10x the security data earlier 3DS versions did.
Who is Using 3-D Secure?
EMV 3DS is run by a board of directors from the six top global payment networks including American Express®, Discover®, JCB®, Mastercard®, UnionPay® and Visa®.
mSIGNIA joined EMVCo in 2015 to help create the 3DS version 2 specification and was elected by other Technical Associates two years later to act as a technical advisor to the EMVCo Board. mSIGNIA has been an EMV 3DS technology leader ever since.
There are about 175 developers who have over 300 products which are currently active and certified by EMV 3DS.
Using these EMV certified products, there are over 600 financial services companies which directly operate EMV 3DS certified products with many others using SaaS products to offer 3DS protected payments.
Nearly every payment service provider and bank (both acquiring and issuing banks) offer 3-D Secured payments, making EMV 3DS one of the largest online payment standards in use worldwide.
3DS is a Railing System for Data
Data is the new oil. Data is the key to mitigating risk.
EMV 3DS is unique in the cybersecurity standards world because 3DS enables data exchanges between multiple parties. Other cybersecurity standards are client / server centric, a simple one-to-one exchange. The payment process is very complex, in its most basic form, there are still 8 parties in an online transaction. These include the Consumer, their Device, the Merchant, their PSP, the PSP's Acquiring bank, a Payment network, and the consumer's Issuing bank, and their Risk scoring engine.
EMV 3DS is the railing system which moves data back-and-forth between the Consumer and the Risk Scoring engine.
If cybersecurity is challenging when a user logs directly into a web service, you can imagine the complexity of online transactions done between parties that do not know each other (consider a Japanese consumer and credit card buying from a UK online merchant!) Now consider all the possible channels for performing a transaction including browsers, apps, games, speakers, cars … truly the Internet of Things (IoT).
To manage all these possibilities, EMV 3DS recently defined a Split Client architecture which abstracts the complexity and chaos of the clients away from the cloud. mSIGNIA predicts the Split Client will usher in a new, SmartLink era of simplicity and security for not only online transactions but for IoT connectivity everywhere.
The best security is frictionless to allow users to easily and safely buy the products they want. Easy and safe is only possible when you can move the data required to manage risk; it is only possibly over EMV 3DS rails.
Payments... a Global Standards Effort
EMVCo 3DS is leading the safe payments charge, but they are not working alone. EMV 3DS works with the World Wide Web Consortium (W3C) and cybersecurity standards bodies like FIDO for biometric authentication to ensure that the EMV 3DS rails can pass the needed data in a way that does not disrupt the BUY experience.
Europe's Revised Payment Services Directive (PSD2) regulates the need for Strong Consumer Authentication (SCA) in payments. PSD2 SCA relies on 3-D Secure's ability to move authentication data across the payment ecosystem, so consumers are safe, and transactions are easy.