Payment fraud remains an issue that merchants must engage with seriously, particularly in online shopping. The challenge for merchants is that they often have to choose between a lower risk of fraud and a lower risk of cart abandonment. To increase the security of credit card payments in e-commerce throughout Europe, new regulatory technical standards will come into force on September 14, 2019 within the framework of the European Union’s revised Payment Services Directive (PSD2).
This directive regulates payment processing within the European Economic Area. The latest supplement to the directive stipulates, among other things, strong customer authentication (SCA) for all e-commerce transactions. This means that customers making purchases by credit card must do more than provide information such as their credit card’s number, expiry date, and verification code—they must also undergo additional authentication. To pave the way for SCA, a new version of 3D Secure has been published. One of the features of 3D Secure 2 is authentication with the help of biometrics, thus ensuring more secure transactions in e-commerce.
With the previous standard, 3D Secure, the customer experience was compromised considerably for the sake of security. That’s why Mastercard, Visa, American Express, UPI, Diners Club, Discover, JCB and Cartes Bancaires saw the new security requirements of PSD2 as an opportunity to work on user-friendliness too. With 3D Secure 2, the card schemes are introducing a method that, thanks to the new authentication technology, promises not only fewer cases of fraud, but also a higher conversion rate compared with the first version of 3D Secure.
What are the concrete differences?
What advantages does the customer have with 3D Secure 2?
Flexible use across all end devices
Smooth and consistent user experience across all channels, including wallets and apps
Optimized user experience
Seamless integration of the authentication process with the shopping experience, as well as fast, simple, and convenient authentication for cardholders
Improved data exchange
The option of risk-based authentication provides additional protection against fraud and thus boosts sales
Strong customer authentication as an EU-wide measure against fraud
There are many ways for companies to actively combat fraud, from predicting and preventing fraud through machine learning to manually checking payments. A particularly effective method is comprehensive authentication to verify the identity of a customer before an online payment is even accepted. There are three different types: single-factor authentication (e.g. using a password), two-factor authentication (e.g. using a unique authentication code combined with a password), or multi-factor authentication.
If your acquirer is located within the European Economic Area (EEA) and you accept online credit cards, you need to enable 3D Secure 2.
Strong customer authentication (SCA) will become mandatory as of September 2019 as part of the PSD2. 3D Secure 2 is the credit card schemes’ answer to it. Participation in the 3D Secure 2 program is the easiest way to enable strong customer authentication.
Starting September 2019, financial institutions within the EEA are mandated to perform strong customer authentication for financial transactions. If you don’t switch to 3D Secure 2, you can generally expect a significant increase of declined transactions.
Even though strong customer authentication generally needs to be applied for payment transactions in the EEA, there are several cases in which it will not be mandatory, even after September 2019. For a comprehensive list of exemptions, please visit www.wirecard.com/3d-secure-2/strong-customer-authentication/.
The technical steps needed to support 3D Secure 2 mostly depend on two factors:
1) Whether you already support 3D Secure 1, and
2) The type of technical integration with Wirecard.
Further information on how to implement 3D Secure 2 will follow soon. We will notify you about the next steps in good time so that you have enough time and resources to integrate the new authentication solutions.
Wirecard Bank AG processes cardholders’ personal data for the purpose of payment processing as a Controller in the meaning of Art. 4 (7) GDPR. The merchant provides cardholders with information to be given by Wirecard according to Art. 13, 14 GDPR. The aforementioned information is available under https://www.wirecardbank.com/GDPR and should be added to the merchant’s terms and conditions or displayed in a suitable manner to the cardholders.
We strongly encourage you to support both 3D Secure 2 as well as 3D Secure 1 so as not to receive false declines from issuers that don’t support the new 3D Secure 2 protocol yet. To enable you to support both protocols with minimal effort, we have designed our APIs to be downward-compatible.
You can start using 3D Secure 2 immediately. The Wirecard Payment Gateway already supports it. Since we expect more and more issuers to support 3D Secure 2 over the coming months, we recommend that you switch to the new protocol as soon as possible.
The content on this page is continuously being revised and updated. Further information on how to implement 3D Secure 2 will follow soon. We will notify you about the next steps in good time so that you have enough time and resources to integrate the new authentication solutions.
Should you need assistance, please do not hesitate to contact our support team by email any time at firstname.lastname@example.org or via phone at
+49 (0) 30 300 113 177 (Monday to Friday, 8:00 to 17:00 CEST). You can also use the following contact form: