Updated: Apr 13
Hey, thanks for joining us! We've had so many clients ask us these same questions so we figured why not get this down on paper (keyboard) for everyone to benefit!
First things first.....Let’s get semantics out of the way. There’s no difference between EMV 3-D Secure (3DS) & 3DS2. EMV 3DS is the official name for the latest version of 3DS & was launched in 2018 to reflect current and future market requirements for card-not-present (CNP) payments.
EMV 3DS, 3DS2, and 3DS 2.0 all refer to the 2018 version of the protocol. When you see things like "3DS 2.1" that's just a minor version update. Think of it like your iOS updates.......3DS, 3DS1, and 3DS 1.0 all refer to the original version of the protocol, launched in 2001.
Since 2001, shopping habits have changed dramatically. 3DS was initially developed to provide additional security to online purchases through standard web browsers. At the time, mobile commerce didn’t exist and there was no way to foresee the future growth of CNP transactions. In fact, U.S e-commerce sales in 2001 add up to only 3% of e-commerce sales in 2018! As we look into the future, it is clear that e-commerce will continue to grow beyond desktop and mobile to eventually include voice activated purchases & wearables. Unfortunately, 3DS was not designed to function outside a browser environment and over time has become less and less relevant...Hence the need for EMV 3DS, a holistic authentication protocol.
In addition to the evolution of CNP shopping environments, data science has also evolved to make it possible to verify almost all consumers without impacting the checkout experience via risk based authentication. In 2001, the only way to authenticate a card-holder was to prompt (via pop-up) the consumer to verify their identity themselves. The prompt created friction at checkout leading to cart abandonment. One of the most exciting things about EMV 3DS is that issuing banks have access to hundreds of data points and can now use risk-based authentication to verify 95% of cardholders. This allows for a frictionless customer experience 95% of the time.
Another point worth highlighting is that EMV 3DS isn’t a product it’s a messaging protocol that was created by EMVCo (Europay, Mastercard, Visa) and it works by enabling the acquiring bank and issuing bank to communicate. The catch here is that the card brands don’t permit merchants to send requests directly to their servers to use the protocol. Instead EMVCo works to certify a handful of third party companies to build merchant plugins.
PAAY 3DS launched in 2016 as a merchant plugin and since then has been laser focused on providing merchants a frictionless version of 3DS (1.0). PAAY’s proprietary tech solutions overcome many of the challenges that merchants experience with 1.0 and from a merchant perspective PAAY’s 1.0 solution resembles 2.0 in more than one way.
Nonetheless, 2.0 is inarguably a huge step forward for the payment industry from a technical and philosophical perspective. The 2.0 solution is optimized for mobile apps, protects recurring transactions, is frictionless in the U.S.A. and meets PSD2 requirements in the E.U. The benefits of 2.0 will prove to be significant but do require the entire ecosystem to participate in the transition from 1.0 to 2.0. Merchants, 3DS providers, issuers, and acquirers must work together to successfully make this step forward in CNP payments.
PAAY is excited to announce the release of PAAY EMV 3DS (Our proprietary 2.0 solution!) To ensure a smooth transition for merchants, PAAY has developed a 1.0 / 2.0 hybrid that allows merchants to make a request for a 2.0 authentication with a 1.0 fall back. The fall back is only used when the issuing bank has not yet completed the upgrade to 2.0. To learn more about PAAY EMV 3DS email us at firstname.lastname@example.org.
See below for a summary of the differences between 1.0 & 2.0
Sign up for our newsletter to stay up to date on the latest in payments!