Best practices for implementing 3D Secure 2: Keeping your online payment secure.
While we won’t do a deep dive into what 3D Secure 2 is and how it works (you can read more on that here), it offers a secure authentication process for online payments.
Getting 3DS2 right can lead to reduced fraud, higher conversion rates and an overall better customer experience. But it can be a tricky balance between ensuring secure transactions and creating a seamless customer experience.
Here are some best practices for leveraging 3DS2 to its full potential.
-
Adopt a frictionless flow, where possible.
One of the key benefits of 3DS2 is its ability to offer a frictionless online payment experience whilst protecting customers from fraud. As long as the Issuer is confident that the person making the transaction is the cardholder, the transaction can be authenticated without them needing to manually approve the payment or enter an OTP (one-time password).
To maximise the chances of your customers experiencing a frictionless payment…
Leverage data points.
Ensure that you’re collecting and sending all of the recommended data points, such as device information, transaction history and customer behaviour. The more data the Issuer receives, the better, as it can help them to determine that the cardholder is legitimate and allow a frictionless flow.
The following parameters to be sent in every 3D Secure authentication request:- Browser IP address.
- Cardholder name.
- Cardholder email address or phone number.
For more details on the mandatory data points and any updates check out our Developer Docs here.
-
Benefit from Step-Up Authentication.
If an Issuer is unsure whether a transaction is legitimate, a transaction may be soft declined.
To tackle this and improve approval rates, one feature you can benefit from is step-up authentication.
With step-up authentication, if a transaction is soft declined the customer can be prompted to provide additional information such as an OTP. This sends additional data to the Issuer to help prove that the cardholder is legitimate, allowing the transaction to proceed successfully.
Tips for step-up authentication:-
- Offer multiple authentication methods: Provide customers with a variety of authentication options, such as SMS, OTP etc. This flexibility ensures that customers can complete the authentication in a way that is most convenient for them.
-
Optimise the step-up flow: Ensure that the step-up flow is as seamless as possible. This means optimising the UI for mobile devices, reducing load times, and providing clear instructions to the customer.
-
-
Don’t forget to optimise for mobile.
With the rise of mobile and app commerce, it’s critical that your 3DS2 flow is optimised for mobile devices. This isn’t just about making sure that your payment page is responsive, it’s ensuring that the entire authentication flow is smooth and user-friendly on smaller screens.
Considerations for mobile optimisations include:-
- In-app authentication: Do you have a mobile app? Consider implementing in-app 3DS2 authentication. This approach keeps the customer within the app during the authentication process, reducing the risk of drop-off.
-
Test across multiple devices: Ensure that the 3DS2 flow works smoothly across a wide range of devices and operating systems.
-
-
Check if any of your transactions are exempt.
Exemptions are transaction types that are exempt or out-of-scope.
Exempt transactions = you can choose to tell the card Issuer that you want these types of transactions to be exempt.Out of scope = these transactions won’t go through 3DS2 if you send data with the transactions that shows that they’re out of scope.
Note, this list may evolve over time but exemptions include:-
Merchant-initiated transactions (MIT) / Recurring payments (out-of-scope).
-
Low-value payments (exempt).
-
Mail orders & Telephone orders (MOTO) (out-of-scope).
-
Low risk transactions (exempt).
-
Corporate payments, where a dedicated B2B payment method is used (exempt).
To enable or not enable? This really depends on your business. Just because you can make certain transactions exempt doesn’t always mean you should.
Speak to your payment provider to discuss the best option and check out our Exemptions blog here. -
-
Monitor and optimise performance.
It’s crucial to continuously monitor performance and make updates as and when needed.
Tips for optimising your 3DS2 flow include:-
Monitoring approval rates: Keeping an eye on your approval rates will be a key indicator if your flow is working well or needs adjusting. If you begin to notice a decrease in your approval rates, speak to your payment provider to explore possible causes and a solution.
-
A / B testing: It can be tricky to find that balance between security and user experience. A / B testing can help determine which authentication methods and flows give the best conversion rates while keeping your transactions secure.
-
-
Stay compliant with regulations.
Regulations regarding online payments and customer authentication are regularly updated, and can vary region by region.
To remain compliant:-
Understand local requirements: Ensure that your 3DS2 implementation meets the specific requirements of the regions where your business is operating.
-
Update, as and when, regulations evolve: It’s important to stay informed and update your flows accordingly. Work with a payment provider that will keep you up-to-date with regulatory changes and ensure that you stay compliant.
-
3DS2 was a great shift in improving security for online payments, while offering a seamless experience for customers. By following these best practices you can ensure that your 3DS2 implementation will be both effective and customer-friendly.
Looking to implement 3DS2 for your online payments? Speak to our team.