Skip to main content

3D Secure 2.0

3D Secure 2.0 (3DS 2.0) is an updated version of the original 3D Secure (3DS) authentication protocol designed to reduce fraud and add an extra layer of security to online credit and debit card transactions. It was developed by EMVCo, a consortium of major credit card networks, including Visa, Mastercard, and American Express. 3DS 2.0 is designed to improve the security of online payments while reducing the chances of a legitimate transaction being falsely flagged as fraudulent.

Features

  • Improved user experience - Unlike the original 3DS, which often redirected users to a separate webpage for authentication (sometimes leading to a poor user experience), 3DS 2.0 offers a more seamless, frictionless experience. It supports authentication methods such as biometric recognition (fingerprints, facial recognition) and one-time passwords (OTPs) directly within the merchant’s checkout flow.

  • Risk-based authentication - 3DS 2.0 allows for risk-based authentication (RBA), where the system evaluates the risk level of a transaction based on data provided by the merchant, issuer, and cardholder. For low-risk transactions, authentication can be streamlined, reducing friction for the user.

  • Better integration with mobile - 3DS 2.0 is optimized for mobile devices, supporting in-app purchases and mobile web payments, which was a limitation of the original 3DS. It also supports advanced data fields that help assess the risk of a transaction more accurately.

  • Compliance with regulatory requirements - 3DS 2.0 helps merchants and issuers comply with regulatory requirements such as the Payment Services Directive 2 (PSD2) in Europe, which mandates Strong Customer Authentication (SCA) for many online transactions.

  • Enhanced security - The protocol uses dynamic authentication methods and allows for more data to be exchanged between the merchant and the card issuer, which helps in making better decisions on whether to approve, decline, or challenge a transaction.

How it works

When a customer makes a payment on a website or mobile app that uses 3DS 2.0, the following process typically occurs:

  1. Transaction initiation - The customer begins the payment process by entering their card details.
  2. Data sharing - The merchant sends transaction data, including details about the cardholder, device, and transaction, to the card issuer.
  3. Risk assessment - The issuer assesses the risk of the transaction. If it’s deemed low risk, the transaction may proceed without further authentication.
  4. Challenge or authentication - If the transaction is considered high risk, the customer is prompted to complete an additional authentication step, such as entering a password, biometric verification, or an OTP.
  5. Transaction completion - Once the authentication is successful, the transaction is approved, and the payment is processed.

Availability

See table below for availability by country.

CountryBrandsEBANX * AuthenticationExternal Authentication
Brazil flagBrazil
VisaMasterAMEXELO
check_circle_outlinecheck_circle_outline
Chile flagChile
VisaMaster
check_circle_outlinecheck_circle_outline
Colombia flagColombia
VisaMaster
check_circle_outlinecheck_circle_outline
India flagIndia
VisaMaster
check_circle_outlinehighlight_off
Kenya flagKenya
VisaMaster
check_circle_outlinehighlight_off
Mexico flagMexico
VisaMasterAMEX
check_circle_outlinecheck_circle_outline
Nigeria flagNigeria
VisaMaster
check_circle_outlinehighlight_off
Peru flagPeru
VisaMaster
check_circle_outlinecheck_circle_outline
South Africa flagSouth Africa
VisaMaster
check_circle_outlinehighlight_off

* EBANX Authentication:

Using authentication via EBANX SDK Authentication or EBANX Direct API Authentication


Integration this feature

Still need help?

Help Image

We hope this article was helpful. If you still have questions, you can explore the following options: