Everything You Should Know About EMV 3DS 1.0 Authentication
Thousands of new e-commerce platforms are coming up every year. From new businesses to legacy retailers moving online, the online selling domain is booming. As a result, most previously physical card transactions have transformed into virtual or digital transactions. CNP (card-not-present) payments provide a higher amount of convenience for the consumers initiating transactions and demand lesser effort from merchants and vendors.
Digital payments come with a wide range of benefits and advantages that make life easier. However, there is a higher risk of fraud and cyberattacks when payments are made digitally. These attacks are highly focused, widespread, and difficult to identify and prevent.
Both the cardholder and the physical card are not present during CNP transactions. Identifying the person who is using the card for transactions becomes all the more challenging. In physical transactions where the card is present, PIN-enabled transaction devices and chip readers help in authenticating a user’s identity. However, no such security measures are available during CNP transactions. Consequently, a CNP transaction has to use other techniques of authentication through the online payment process.
Card companies and enterprises have started taking adequate measures to ensure the risk of identity theft, fraud, and various other illegal practices related to online transactions and payments is minimalized or mitigated.
One of the strongest methods used to ensure a CNP transaction’s authenticity is the authorization method known as SCA (strong customer authentication). SCA is the standard laid down by the EU Revised Directive on Payment Services (P2D2) that demands multi-factor authentication to complete CNP transactions successfully.
Understanding 3DS Authentication:
3D Secure is a user authentication security protocol. It adds a new layer of virtual protection for card payments and transactions where the card itself is not present physically. EMV 3DS 1.0 was built to allow cardholders to authenticate their identity, prevent transaction fraud, freeze unauthorized transactions and minimize chargebacks.
P2D2 requires SCA, which makes it a powerful security protocol accepted and used across Europe, in the EU, and in other countries like India and South Africa. Various versions of this protocol are being used by several card brands. This includes the members of EMVCo who led the creation of 3DS2, namely Mastercard, Visa, American Express, Discover, UnionPay, and JCB.
Components of EMV 3DS 1.0 Authentication:
3DS authentication was made to be an additional security step leading to financial authorization through cardholder authentication. It follows an operational model with three key domains. These are:
- Acquirer domain: This refers to the infrastructure of the acquiring merchant and bank that will receive the payment.
- Issuer domain: This is the infrastructure of the bank issuing the card that makes the payment.
- Interoperability domain: This domain refers to the systems that support the process of 3DS by enabling all the transacting parties to engage and exchange data.
3DS authentication uses the SSL (Secure Sockets Layer) protocol to transfer XML (Extensible Markup Language) messages using client authentication. This protocol shares a digital certificate to confirm the identities of every party involved in a transaction for maximum security.
Businesses operating from any country today require EMV 3DS 1.0 or similar authentication technologies to ensure CNP card transaction security.