A holistic approach to secure remote commerce for an omni-channel world.

EMV 3DS helps prevent unauthorized card not present transactions and protects merchants from CNP fraud. The new specification reflects current and future market requirements for:

  • Risk based authentication (Up to 95% authentication rate)

  • Acceptance of tokens (Pass tokens instead of the full credit card number) 

  • 3DS Sever allows for out of band authentication (not bound to browser)

  • App based EMV 3DS authentication

  • Fewer steps for authentication

  • Frictionless customer experience with chargeback protection (eliminate friendly fraud)

  • Biometric authentication to meet strong customer authentication requirements

  • 3-D Secure integration with digital wallets

  • Recurring transactions (Original 3-D Secure only provided chargeback protection against the first transaction whereas EMV 3DS protects all recurring transactions)

  • PSD2 Compliance (The EU's Payment Services Directive mandates EMV 3DS)


Issuers have access to over 150 data parameters - 10 times that of the original version of the protocol. 3DS 2.0 has 41 required data points and over 100 optional points the merchant can choose to send to the issuer. This allows issuers to use risk based authentication (RBA) to give each transaction a score based on the level of risk. RBA authenticates over 90% of transactions via the 3DS server allowing merchants to receive chargeback protection without friction or false declines. In the event that a transaction cannot be authenticated with RBA (roughly 5% of transactions) PAAY's 3DS server gives merchants the option either A.) close out the 3DS request allowing for an entirely frictionless customer experience or B.) Prompt the consumer for additional verification to ensure the merchant is protected in the case of a fraudulent chargeback.



A cornerstone to secure remote commerce is tokenization. Tokens are created, stored, mapped, and unmapped inside a Token Vault.



By 2021 the EU's Payment Services Directive (PSD2) will require merchants to implement strong customer authentication (SCA). PAAY EMV 3DS makes compliance simple.



When the ACS requires a 3DS 2.0 challenge or SCA, out of band authentication allows third party bank apps to verify the identity of consumers using their biometric. Out of band authentication is a type of two factor authentication because it requires a secondary verification method through a separate communication channel along with the typical ID.