3DSecure 2: Make it work to your advantage.

If you are a business in Europe or if your customers are based in the EU, there is no doubt that you are wondering and most probably worrying about 3DSecure 2 and its implications on your business. One thing is sure, understanding the process, the ins and outs of the new technology, the dynamic nature of the solution that changes as per the up-datedness of the all the parties involved is a cause of uncertainty for businesses.

We’ve jogged past the April 2019 deadline and the September deadline is not too far on the horizon. As banks and payment providers rush to catch up with the deadline (even though there might be an extension), businesses might feel that their transaction conversions are at mercy of all their payment providers. But that’s not true, you have a choice. To understand what options businesses have, let’s first breakdown the whole 3DSecure saga.

PSD2, SCA, 3DS2…what’s the connection?

The Second Payment Service Directive (PSD2) comes in full effect by September 2019 and the most important aspect of PSD2 is the implementation of Strong Customer Authentication (SCA) for online payment transactions. This is to ensure the security of online transactions across all devices including mobile payments. Businesses, issuers, and acquirers are required to authenticate customers payment transactions using two or three forms of authentication whenever necessary.

3D Secure 2 (3DS2) is the answer to manage the SCA requirements. An updated protocol by EMVCo, (a collaboration between card schemes, banks, processors and other industry stakeholders), 3DS2 supports seamless payment experience that was lacking in the mobile behaviour with 3DS1.

Uncertainty rules the roost: Why?

As per the PSD2 requirements, issuers (your customer’s bank) should be ready with 3DS2 by September 2019. But in the current scenario, a lot of banks are not 3DS2 capable yet and might not be ready by September 2019.  So, what happens to your transactions? Ideally in a 3DS2 flow, when your customer makes a purchase and initiates a transaction, he might be asked to verify himself to ensure that it is the right person connected with the card used for the transaction. This depends on multiple factors, the type of transaction, issuer capabilities and many more parameters making it a complex process. Apart from all this, there are always the security measures you must take to combat fraud.

Another important factor to consider is the exemptions list. Sending every single transaction for extra authentication is not only inefficient but it could also adversely affect conversions. Transactions that fall under the exemption’s category do not need extra authentication helping your customer to go through a frictionless flow.

Businesses can find themselves at loss trying to figure out how and which transaction will be passed for extra authentication? Will the issuing bank support 3DS2?  What happens if it does not? What happens to the approval rates? Is there anything at all that merchant can do? All these questions are important as they are directly tied to your conversion and the answers are dependent on various third parties like banks and payment providers. Adding an additional verification step in the payment journey for authentication means adding an additional step before conversion. Today, merchants are spending every waking hour wondering how to navigate this maze of decisions.

Technology to the rescue

Worry not, the right technology or combination of technologies can play a crucial role in reducing the 3DS complexity for businesses. There are three major aspects to PSD2 and 3D Secure 2. To manage the risk and to be compliant to PSD2, businesses need to screen and authenticate users in the most efficient way. But it needs to be done in such a way that the authentication step does not negatively affect the User Experience.

Risk, authentication and mobile ux icons

Every single transaction on your platform needs to be analysed – how risky is it, does it fall under exemptions, does the issuer support 3DS2 – all these decisions, the analysis and sending them for approvals must be done within microseconds. Your business depends on this kind of dynamic decisioning and that’s where solutions such as SafeCharge Smart 3DS with its Machine Learning and Artificial Intelligence logic come to the rescue.

What is SafeCharge Smart 3DS?

SafeCharge Smart 3DS is a dynamic, intelligent and a real-time solution to manage 3DS routing and exemption management based on merchant’s risk settings.  The service dynamically routes transactions via the appropriate 3DS flow. Its online exemption submission engine takes decisions in real-time and based on merchant preferences passes on all the relevant data to the issuer, to allow for a frictionless flow when possible. Various parameters are analysed in a fraction of a second and decisions are made to ensure that the transaction is routed in the most efficient way to maximise conversions.

Download brochure

Businesses have the key to conversions

The technology behind SafeCharge Smart 3DS is truly innovative, but it is still the businesses that hold the magic key.

In case of 3DS routing, the risk profile of a business defines the parameters of 3DS decisioning. A business with higher risk appetite can define the risk parameters such that more transactions can be sent for exemption via the frictionless flow thus increasing the conversions. The ML and AI logic in SafeCharge Smart 3DS considers the business risk profile while making a decision and the more transactions it handles the smarter it gets.  Businesses using SafeCharge acquiring have the additional benefit of Transaction Risk Scoring managed by SafeCharge Risk Engine.

Merchant Tip:

In the light of upcoming changes, it is a good idea to relook at your risk profile and modify it to work in sync with the new updates and especially with new technology such as SafeCharge Smart 3DS.

SafeCharge Smart 3DS: How does it benefit merchants?

  • Reduce 3DS complexity: SafeCharge Smart 3DS is a comprehensive, intelligent solution that manages all aspects of 3DSecure including managing risk, 3DS routing, exemption decisions and more while trying to ensure the best user experience and higher approval rates.
  • Better security and better UX: 3DSecure 2 is designed to improve the security of online transactions and with real-time intelligent decisioning, Smart 3DS service provides a smooth user experience to your customers.
  • Sales boost: 3DS2 provides diverse data points enabling the issuer to get more information for transaction authentication, leading to higher approval rates.
  • Acquirer agnostic: SafeCharge Smart 3DS service can be used for authentication with SafeCharge acquiring or in collaboration with other acquirers. SafeCharge transaction risk scoring adds extra accuracy with SafeCharge acquiring.
  • Ease of integration: Various options to integrate based on business requirement. Smart 3DS can be implemented on hosted payment pages, via API, via WebSDK or even via a Merchant Plug-In (MPI)
  • Detailed reporting and analysis: Business have a clear view and better control over their transaction check statuses in SafeCharge Control Panel
  • PCI and PSD2 compliance: And of course, the solution enables businesses to comply with regulations.

If you are interested in understanding the process in detail, look at the diagram below.  But if you’d rather have someone explain it to you, please get in touch.

Download Smart 3DS Service brochure

SCH Smart 3DS Diagram

3DSecure 2: It’s an opportunity!

Though the past few months have been rife with confusion, 3DSecure 2 brings a lot of positive changes for businesses. With better security and better mobile experience, 3D Secure 2 protocol could work in favour of businesses that take control of their risk strategy. In the coming months, as more issuers become compatible to 3DS2, more transactions are sent via the new protocol, and as we all gain more experience, the confusion and complexity around 3DS2 will reduce and we will begin to see the hidden opportunities brought on by this new technology.

Merchant Tip:

Ask your customers to whitelist you. Adding a button on your payment page allows your customers to whitelist you and this means they don’t need to go through extra authentication when on your website.

Regulation changes are often complex and confusing, and we are here to help you navigate through these changes. If you have any questions around SafeCharge Smart 3DS or PSD2 in general, feel free to get in touch with our team.


SafeCharge Limited is an Electronic Money Institution authorised and regulated by the Central Bank of Cyprus and is a principal member of Mastercard, Visa and Unionpay International (CUP). SafeCharge Financial Services Limited is authorised and regulated by the Financial Conduct Authority as a Payment Institution. Both SafeCharge companies are wholly owned by SafeCharge International Group Limited.