What is 3DS?

3DS is a messaging protocol by EMVCo. It allows customers to authenticate themselves with their card issuer when making card-not-present (CNP) purchases.

The PCI 3DS Core Security Standard is the standard that provides guidelines for companies that manage or provide EMV® 3DS components, specifically: ACS, DS, and 3DSS. Tyro recommends that you review all the PCI 3DS Core Security Standard documentation at the PCI website and familiarise yourself with the requirements.

Please be aware that 3DS is sometimes known by other branded names like Visa Secure, American Express SafeKey or Mastercard Identity Check. In the Tyro eCommerce documentation it will be referred to as 3DS or sometimes 3-D Secure.

3DS aims to reduce fraud and provide added security to online payments. From 2020, banks will be expected to move from 3DS1 and start supporting 3DS2, a new version of 3-D Secure.

The 3DS advantage

Liability shift

Not only does 3DS safeguard the consumer against fraudulent purchases, it offers protection to the merchant through liability shift.

All payments that have been successfully authenticated using 3-D Secure are covered by the liability shift. If a 3-D Secure payment is disputed by the cardholder, the liability shifts from the merchant to the card issuer.

The 3DS2 advantage

Frictionless flow

A big advantage of 3DS generally is the liability shift.

The advantage 3DS2 offers over 3DS1 is the introduction of frictionless flow.

With 3DS2, issuers are able to approve some transactions without the need for input from the cardholder (i.e. the payer will not always have to prove their identity in a UI challenge). 3DS2 removes ‘friction’ from the checkout process.

3DS1 was, by comparison, not user-friendly. Users were forced to deal with annoying pop-ups and remember static passwords. Irritated users would simply quit the purchase, compromising the vendor's bottom line. Sometimes people would even doubt the authenticity of the challenge dialog or pop-up and quit the purchase, once again compromising the vendor's bottom line.

These problems are mitigated with the introduction of 3DS2, which offers a frictionless payment experience in all cases except those where a payer is identified as questionable. Please be aware, though, that 3DS1 is still being used as a fallback authentication method in cases where 3DS2 is unavailable/unsupported.

3DS2 will be the main card authentication method used to meet the upcoming Strong Customer Authentication (SCA) requirements. Tyro supports 3DS2 on our payments APIs, on our wallet and device payments functionality, and on Hosted Session and Hosted Checkout.