Payment security for online card transactions have come a long way since its early days when the first version of 3D Secure, a security protocol designed to protect online card-not-present (CNP) transactions, was first launched in 2001. Given the limiting factors of the protocol design, such as difficult-to-remember authentication prompts and confusing web redirect experiences that resulted in legitimate customers dropping out of the payment flow,

Infinitium pioneered the development and roll-out of Dynamic Authentication for 3-D Secure with One-Time Password (OTP) in the ASEAN region, which helped boost confidence among consumers and merchants and in turn drove adoption of e-commerce in the region.

With rapid progress of mobile technology and the rise of data age, the habits of online shoppers have evolved over the last decade as mobile devices become more prevalent. Customers have expanded platforms to engage in payments, from web browser to mobile apps and even connected devices. When a consumer is making a digital purchase not in a traditional store, verifying the transaction and the identity of the consumer becomes increasingly important and challenging, especially with the growing sophistication of cybercrimes and fraud.

In the wake of these pain points, EMVCo recently released the new EMV® 3D Secure protocol, or 3-D Secure 2.0. It is designed to address a number of key limitations of the previous protocol and cement the technology’s reputation as one of the most resilient solutions in the fight against card-not-present (CNP) online fraud.

The 3DS 2.0 specification will also cater to the dawning of a new era in digital commerce, as it is compatible with new payment channels such as connected devices, app-based authentication as well as traditional browser-based e-commerce transactions, thereby delivering a much smoother performance and integrated user experience with industry-leading security.

The dawn of 3DS 2.0 will introduce several key features for issuers, merchants and consumers:

1. Strong Customer Authentication with Biometric & Token-based Technology

To combat the ever-increasing threat of fraudulent online transactions, 3DS 2.0 is able to provide more robust security by utilising stronger authentication measures such as biometric and token-based authentication, instead of static passwords.

Infinitium’s IMS 2.0 will offer Strong Customer Authentication (SCA) methods, with biometric (“something you are”) offered as one of the methods for customers to authenticate transactions, on top of the two other existing elements of password (“something you know”) and mobile device (“something you own”).

2. Built for mobile first

With the 3DS 2.0 protocol in place, gone are the days of sluggish browser redirection and poorly scaled challenge screens when customers make online purchases – which was a point of friction that contributed to legitimate customers dropping out of the payment flow.

As mobile devices become the mainstay platform for digital commerce, 3DS 2.0 is built to support authentication in mobile apps, in line with the growing trend of m-commerce. This means challenge screens can be presented from within the merchant’s app, while looking and feeling just like a part of the app.

3. Leveraging Data and Artificial Intelligence for Risk-based Authentication

One of the most significant improvements to the 3DS 2.0 is the capability to utilise data and machine learning algorithms for better risk assessment. The new algorithms allow for a seamless data exchange across the three domains, namely merchant/acquirer, issuer, and interoperability, allowing for a more robust risk-based authentication (RBA).

The new 2.0 version of the technology enables a real-time, secure, information-sharing pipeline that merchants can use to send an unprecedented number of transaction attributes that the issuer can use to authenticate customers more accurately without asking for a static password or slowing down commerce.

With 10 times more assessment data points, such as device channel and payment history, issuers and merchants can analyse additional contextual data related to the purchase to verify a cardholder’s identity and more accurately determine a transaction’s risk for greater authentication accuracy.

4. Frictionless Payment for Improved Customer Experience

Frictionless flow aims to make the customer checkout experience as frictionless as possible. The aptly termed “frictionless” payments inherent in the 3DS 2.0 technology will mean less waiting time, fewer steps, and lower strain on the customer.

The risk-based authentication (RBA) process is the enabling factor for frictionless flow, enabling issuers and merchants to determine whether or not a customer should be challenged for further cardholder authentication during the checkout process. As a result, issuers can authenticate the cardholder without them even knowing that an authentication step actually took place. Merchants are also empowered to provide a frictionless checkout experience for the customer, without compromising on the strong security that the 3DS protocol provides.

Based on data analytics behind the scenes between merchant and issuer, if no further cardholder interaction is required, authentication is deemed to have been achieved and the transaction can proceed without requiring additional customer verification. However, if the risk associated with the transaction is not sufficiently low enough, authentication will move onto the challenge flow with prompt for authentication via dynamic password, device recognition, biometric or token-based authentication.

Among Infinitium’s market footprint across the ASEAN region, there are currently 30 banks confirmed for the onboarding of 3DS 2.0 through Infinitium’s Integrated Mobile Secure (IMS) 2.0 updates.

Within each country, selected pilot banks will roll out features of 3DS 2.0 in their respective markets. The first bank to go live with the new protocol is expected to be in end of June 2019.

From a consumer perspective, the integration of 3DS 2.0 will not affect current user interface experience; instead, as the respective issuing banks introduce the platforms and options within the existing banking apps, consumers can seamlessly experience the features and get faster checkout times and better shopping experience.

Governance

Good governance is putting security & compliance
at the centre of our core business.