When technology is the way to differentiate. When complexity stands in your way. We can help. We serve SMEs, large enterprises, and independent software vendors across a broad range of industries, with specialisations in:
Let's Connect


Stay up-to-date with the latest news, reports, and trends in the tech industry.
Get ready for Strong Customer Authentication

3-D Secure 2.0 payments

Blankfactor’s proven expertise in payments can help merchants, large and small, with 3-D Secure 2.0 (3DS) compliance through consulting, technical implementation, and custom software solutions. 3DS meets the Strong Customer Authentication (SCA) requirements going into effect in Europe next year. Merchants who are not compliant with SCA risk having transactions blocked by the card issuer, resulting in frustrated customers and loss of business.

What is Strong Customer Authentication?

Strong Customer Authentication (SCA) is a set of requirements introduced by the EU Revised Directive on Payment Services (PSD2). It requires payment service providers within the European Economic Area to comply with SCA by January 1, 2020 (September 14, 2021 for the U.K.).

SCA is a multi-factor authentication based on the use of two or more elements categories as possession, inherence, and knowledge. These categories are independent from each other, so that the breach of one form of authentication does not compromise the reliability of the others. SCA is designed to protect the confidentiality of the authentication data.

Something the customer owns such as a cellphone, a hardware token, etc.
Something inherent to tha customer; for instance, biometrics.
Something the customer knows. For example a passcode or passphrase.

When is Strong Customer Authentication required?

The more robust authentication requirements have increased the need for innovation in card-not-present transactions for merchants, card issuers, and payment service providers.

Payment service providers are required to use SCA when a payer accesses online accounts, initiates electronic payments, and/or carries out remote actions that imply risk.

  • 1
    Accessing payment account online
  • 2
    Initiating electronic payment transactions
  • 3
    Carrying out remote actions through channels which may imply a risk
“[Merchants] not only have limited time to prepare; the knock-on effect of approval rates and therefore lost revenue, is potentially staggering.”
Toby McFarlane

Head of approvals and fraud, CMSPI

The impact of declined transactions

In 2017, $118 billion were lost to false declines across all online transactions in 2017 (Javelin Strategy), 66% of mobile transactions were abandoned at checkout (Jumio), and, 32% of users plan to stop shopping at the retailer where they were declined (Javelin Strategy).
Users would not return to a retailer if declined
Source: Nudata Security
of mobile transactions had cart abandonment
3-D Secure 2.0: <br>An European requirement with worldwide opportunity

3-D Secure 2.0:
An European requirement with worldwide opportunity

To comply with the new European standards, EMVCo published specifications for 3-D Secure 2.0. The new protocol is designed to be less intrusive and meet the stringent requirements of PSD2.

New vs. old

3-D Secure 1.0 was launched in 2001, but the protocol has not kept up with technological innovation and has been plagued with issues. 3-D Secure 2.0 offers better fraud protection, user convenience, and technology.

3DS 1.0

3DS 2.0

Benefits of
3DS 2.0


Static passwords, security
questions and risk-based

Eliminates static passwords
for stronger two-factor

  • Greater security
  • Greater convenience


Browser dependent

Supports different
payment channels
(in-app, IoT, browser, etc.)

  • Better UX
  • Great control by merchant
  • Wider applications


Only 15 data elements available

Enables 10x more data
to be exchanged

  • Increased accuracy
  • Improved decisioning

Use cases

Supports guest checkout only

Supports guest checkout with additional use cases (wallets, tokenization, etc.)

  • Expanded use
  • Greater security


Merchants bound by issuer decisioning

Enhances decisioning by
increased flow of data

  • Greater flexibility
Source: Mastercard
Stronger authentication
Better customer experience
Multiple device support
Merchant opt-out
Stronger authentication
Stronger authentication
3-DS 2.0 has the ability for merchants to share up to 150 data points, including cardholder’s key addresses, browser language, location data, etc. The more data shared between merchants and issuers, the better the fraud assessments will be, thus further reducing the rate of false declines.
Better customer experience
Better customer experience
3-DS 1.0 required a static password. If a cardholder couldn’t remember their password, this often led to cart abandonment. 3-DS 2.0 is optimized to work across platforms (web, mobile, IoT) and uses familiar authenticators suchs as biometrics and one-time-passwords to verify risky transactions.
Multiple device support
Multiple device support
Smartphones didn’t exist when 3-DS 1.0 was released. 3-DS 2.0 is optimized to work across platforms such as web, mobile, IoT and allows for in-app purchases and digital wallet payments.
Merchant opt-out
Merchant opt-out
Merchants who enrolled in 3-DS 1.0 were bound to the issuer decision whether a charge was accepted or not. With 3-DS 2.0, merchants are able to opt-out of the authentication process and use their own risk models to approve or deny a sale. If merchants choose to do so, however, they will assume the liability of a fraudulent transaction.
Blankfactor Technologies 3D S - Frictionless Authentication

Frictionless authentication

Merchants and card issuers will have a far greater opportunity to easily authenticate transactions with user behavior analytics to identify high risk transactions and reduce fraud, while still providing a seamless user experience.

Information- only requests

Information-only requests allow a merchant to share transaction data without risk of failed authentications. This helps improve authentication rates without any risk of failed transactions.

Blankfactor Technologies 3D S - Information Only Requirements
Blankfactor Technologies 3D S - Decoupled Authentication

Decoupled authentication

Authentication can be separated from the payment transaction and can still take place up to 7 days after the actual payment. Allowed for authentication to take place outside of a typical e-commerce flow, when the cardholder may not have immediate access to a web interface.

Worldwide liability shift

Visa and Mastercard have both created policies where merchants who utilize 3-DS 2.0 can receive a liability shift in the event of fraud related chargebacks when they attempt authentication. Even if the card issuer is not ready to support it. This liability shift extends globally this year.

Blankfactor Technologies 3D S - Worldwide Liability Shift