On demand top talent to meet your expansion needs.Learn more
Blankfactor’s proven expertise in payments can help merchants, large and small, with 3-D Secure 2.0 (3DS) compliance through consulting, technical implementation, and custom software solutions. 3DS meets the Strong Customer Authentication (SCA) requirements going into effect in Europe next year. Merchants who are not compliant with SCA risk having transactions blocked by the card issuer, resulting in frustrated customers and loss of business.
Strong Customer Authentication (SCA) is a set of requirements introduced by the EU Revised Directive on Payment Services (PSD2). It requires payment service providers within the European Economic Area to comply with SCA by January 1, 2020 (September 14, 2021 for the U.K.).
SCA is a multi-factor authentication based on the use of two or more elements categories as possession, inherence, and knowledge. These categories are independent from each other, so that the breach of one form of authentication does not compromise the reliability of the others. SCA is designed to protect the confidentiality of the authentication data.
The more robust authentication requirements have increased the need for innovation in card-not-present transactions for merchants, card issuers, and payment service providers.
Payment service providers are required to use SCA when a payer accesses online accounts, initiates electronic payments, and/or carries out remote actions that imply risk.
Static passwords, security
questions and risk-based
Eliminates static passwords
for stronger two-factor
(in-app, IoT, browser, etc.)
Only 15 data elements available
Enables 10x more data
to be exchanged
Supports guest checkout only
Supports guest checkout with additional use cases (wallets, tokenization, etc.)
Merchants bound by issuer decisioning
Enhances decisioning by
increased flow of data
Merchants and card issuers will have a far greater opportunity to easily authenticate transactions with user behavior analytics to identify high risk transactions and reduce fraud, while still providing a seamless user experience.
Information-only requests allow a merchant to share transaction data without risk of failed authentications. This helps improve authentication rates without any risk of failed transactions.
Authentication can be separated from the payment transaction and can still take place up to 7 days after the actual payment. Allowed for authentication to take place outside of a typical e-commerce flow, when the cardholder may not have immediate access to a web interface.
Visa and Mastercard have both created policies where merchants who utilize 3-DS 2.0 can receive a liability shift in the event of fraud related chargebacks when they attempt authentication. Even if the card issuer is not ready to support it. This liability shift extends globally this year.