Payment security Payments

How 3D Secure 2.0 Ensures a Frictionless Experience

2019 June 4


How 3D Secure 2.0 Ensures a Frictionless Experience

More than 15 years ago 3D Secure was first deployed by Visa with the aim to prevent unauthorized transactions. Now we look forward to its improved version – 3D Secure 2.0 or also called EMV 3-D Secure. EMVCo, an organization formed by American Express, Discover, JCB, Mastercard, UnionPay, and Visa, developed the 3D Secure 2.0 protocol to meet the demands of a changing e-commerce and payments industry.

Why 3D Secure 2.0 was developed?

First of all, 3D Secure 1.0 was not intended for mobile devices. Arcot Systems (now CA Technologies) created it merely for desktop browser payments. That is why it has been causing frustration to mobile users.

Since customers could not identify the 3D Secure pop-up page, they have often seen it as an unnecessary step or, paradoxically, even as a security threat. It has increased transaction abandonment and has been killing conversions.

Surprisingly, according to a 2016 Ethoca report, half of suspected fraudulent declined transactions appeared to be rightful. It confirmed the limitations of 3D Secure 1.0.

These factors, as well as other small inconveniences, encouraged the idea and development of a better version of 3D Secure. 3D Secure 2.0 should fill the gaps of its predecessor and reduce illegitimate card payments without causing poor user experience.

How does 3D Secure 2.0 differ from 3D Secure 1.0?

  1. More information about a cardholder is provided during authentication.

    With the new version of 3D Secure, an issuing bank receives 10 times more information about a transaction in real time. It improves the accuracy and speed of cardholder verification.

  2. Authentication happens behind the scenes.

    The central part of 3D Secure 1.0 is the code that cardholders must enter in order to verify their identity. In the 2.0 version, authentication happens unnoticeably for the customer, as the transaction data is checked on the issuer’s side. This leads us to the next difference.

  3. Additional cardholder authentication is done only on high-risk transactions.

    When a customer pays with a card, the card issuing bank receives more than 100 transaction attributes for validation. If the bank decides that a transaction is high-risk, the cardholder needs to undergo an additional check. It is, however, will be applicable only to a small percentage of transactions. In such a case, EMV 3-D Secure offers several authentication methods.

  4. Different authentication methods and no static passwords.

    Banks will be able to choose the most appropriate authentication method for each cardholder depending on the possibilities of their devices. 3D Secure will finally meet the needs of mobile users. So, what’s new? There are 3 methods of authentication in 3D Secure 2.0:

    • the customary one-time passcode,

    • knowledge-based questions,

    • and the out-of-band authentication. This includes biometrics: fingerprint, voice recognition, and face recognition.

      3D Secure 2.0 authentication
  5. Non-payment authentication for e-wallets.

    Additionally, the new 3D Secure protocol will be used not only for desktop and mobile transactions but also for digital wallets. The authenticity of cardholders will be checked when they add their cards to an e-wallet.

Benefits of 3D Secure 2.0

  • A more accurate authentication based on more than 100 attributes;
  • Authentication behind the scenes and reduced checkout time;
  • Additional authentication of cardholders only for high-risk transactions;
  • Fast and accurate biometric authentication;
  • Improved user experience and reduced cart abandonment;
  • Less legitimate transactions declined;
  • Integration of 3D Secure into mobile apps and frictionless flow of mobile payments.

3D Secure 1.0 has been indeed a game-changing technology of its time. It has helped cardholders, merchants, issuing banks, and payment processors prevent fraudulent charges. Nowadays, it is no longer in line with current industry development. Therefore, it is time for it to give way to more efficient, secure and frictionless technology.

What should you do as a Cardinity merchant?

By the 𝟭𝟰𝘁𝗵 𝗼𝗳 𝗢𝗰𝘁𝗼𝗯𝗲𝗿 𝟮𝟬𝟮𝟮, all merchants will have to transition to EMV 3D secure (2.0), because:
  •  Mastercard will stop accepting EMV 3DS 1.0 transactions for cardholder authentication.
  • Any transaction submitted with EMV 3DS 1.0 will result in an error response.

In order to transition to EMV 3D secure (2.0) merchants have to update their integration with Cardinity payment system by the set deadline. With an updated integration, merchants will be automatically 3D secure 2.0 compliant.

You can find the updated modules and API/SDK libraries at


Open a merchant account for free
and start processing payments with Cardinity!