This weekend saw the card processors close the doors on the first secure payment authentication mechanism, 3D Secure V1. The new standard is 3DSV2 and e-commerce sites, and their payment gateways should have converted already, or face rejected payments.
The last few weeks have seen e-commerce site owners being sent their final reminders, resulting in more than a few “what does this mean, can you check my site” support requests from our Care Plan customers.
Incredibly, 3DSV1 has been with us since 1999 but hasn’t evolved much in that time.
3DSV1: Good for card issuers, not great for users
If a transaction was flagged as suspicious then a popup would appear asking for a password.
If you felt this was clunky, you would not be alone, but need to remember smartphones had not even been invented when this was conceived. At best is could be annoying, at worst it would be practically unusable, leading to customers abandoning their website purchases.
Another problem was it was based on a static password – often forgotten by users and itself a prime and valuable target for hacking.
The popup box could be spoofed too, duping users into giving up the password with the card number and other details.
3DSV2: Frictionless approvals
In 2016 the second-generation authentication approach was presented, 3DSV2.
Card issuers can be sent more data about the transaction, allowing for a more seamless process for card approvals.
Rather than a static password it uses 2FA mechanisms, such as an SMS message or handoff to a banking app for biometric approval so is much more user-friendly and secure.
Easier to use, better for merchants and more secure – a big improvement until Open Banking removes the need for cards in the first place.
If you need help with your ecommerce setup or advice on payment gateways and taking payments online, send a request into the ServiceDesk.
If you are not a customer, drop us a message to see how we can get your website working harder for your business.
