Customer Authentication: How to turn the headache into an opportunity.

The way businesses handle authentication has evolved over the years. Businesses scramble to keep up with every change or update to the regulations causing quite a few headaches. The European Union has spent over a decade, fine-tuning regulations in order to secure the way businesses trade online and how consumers shop. However, with online shopping coming of age and tech innovation advancing at a rapid pace, regulation had to constantly adapt to safeguard shoppers’ identities online and limit cyber-fraud, for both the customer and the merchant.

A quick flashback: 20 years of consumer protection

Almost twenty years ago, 3D Secure 1.0 (3DS) was born to secure the way we shop. Customers were redirected to a separate page during the transaction process, to confirm their identity. It was often an annoying step in the process, which not only introduced friction but negatively impacted the merchants themselves, with customers dropping off due to the lack of native in-app web flows and the difficult-to-remember authentication prompts. This all resulted in a significant drop in conversation rates.

As the payments landscape kept on evolving, the European Commission published a proposal for the revised version of the Payment Services Directive (AKA PSD2), to ensure consumer protection across all payment types and create a more open, competitive payments landscape across Europe. However, much like with Spiderman, with great power comes great responsibility. To better protect customers when paying online, PSD2 requires more security and mandates Strong Customer Authentication (SCA), also called two-factor authentication.

The new kid on the block: 3D Secure 2.0

In the past, customers could simply enter their card number and a CVC verification code, but under PSD2, more information will be required at the time of payment. This could be seen as a negative side-effect of security as the break in the checkout process can lead to cart abandonment. However, the payments evolution progressed again.

With advances in technology, the EMVCo knew there needed to be a new edition and thus introduced 3DS 2.0. This new approach to authentication offers an improved online experience through a wider range of data and biometric authentication (think thumbprints). However, the big sister to 1.0 is much more than a pretty face. 3DS 2.0 is the main way for businesses to prepare for PSD2. It helps businesses trigger the PSD2 and SCA exemptions when applicable so that businesses can stop worrying and focus on their core business.

Moreover, this process allows businesses to have more choice and flexibility when it comes to their authentication process. Two-factor authentication and biometric scanning increasing security while reducing drop off rates which was the key issue with 3DS 1.0. This opens the doors for businesses to welcome technological advances and to continue to innovate in the future.

Going forward: Writing a new chapter

So is this happily ever after for both customers and payment providers? That remains to be seen. As technology continues to evolve, so too will the way people pay and the means for them to carry out a transaction.

With e-commerce becoming the preferred way for people to shop, merchants are pushed to implement the right technology to remain competitive and drive revenues. At SafeCharge, we help merchants implement the latest technology innovations to meet the highest compliance requirements and provide the best service, no matter the industry. The increased flexibility, choice, and control that the new regulations bring, couple perfectly with SafeCharge’s mantra of putting merchants back in control of their strategies.

We pride ourselves in providing smart solutions to handle new regulation requirements, and we are actively working with regulators, card schemes, and issuing banks to help create tools for merchants to take advantage of this new protocol. Our intention is to improve authentication processes, make SCA-compliant checkout flows as user-friendly as possible, and ultimately increase businesses authorisation rates. SafeCharge will support merchants with 3DS 2.0, Dynamic 3D Secure, and smart routing, to guarantee the safest customer experience and the highest possible conversion rates.


For more information on how SafeCharge can help support your payments regulation journey, get in touch with one of our team members.

SafeCharge Limited is an Electronic Money Institution authorised and regulated by the Central Bank of Cyprus and is a principal member of MasterCard, Visa and Unionpay International (CUP). SafeCharge Financial Services Limited is authorised and regulated by the Financial Conduct Authority as a Payment Institution. Both SafeCharge companies are wholly owned by SafeCharge International Group Limited.