3D Secure 2.0
3D Secure 2.0 (3DS 2.0) is an updated version of the original 3D Secure (3DS) authentication protocol designed to reduce fraud and add an extra layer of security to online credit and debit card transactions. It was developed by EMVCo, a consortium of major credit card networks, including Visa, Mastercard, and American Express. 3DS 2.0 is designed to improve the security of online payments while reducing the chances of a legitimate transaction being falsely flagged as fraudulent.
Features
Improved user experience - Unlike the original 3DS, which often redirected users to a separate webpage for authentication (sometimes leading to a poor user experience), 3DS 2.0 offers a more seamless, frictionless experience. It supports authentication methods such as biometric recognition (fingerprints, facial recognition) and one-time passwords (OTPs) directly within the merchant’s checkout flow.
Risk-based authentication - 3DS 2.0 allows for risk-based authentication (RBA), where the system evaluates the risk level of a transaction based on data provided by the merchant, issuer, and cardholder. For low-risk transactions, authentication can be streamlined, reducing friction for the user.
Better integration with mobile - 3DS 2.0 is optimized for mobile devices, supporting in-app purchases and mobile web payments, which was a limitation of the original 3DS. It also supports advanced data fields that help assess the risk of a transaction more accurately.
Compliance with regulatory requirements - 3DS 2.0 helps merchants and issuers comply with regulatory requirements such as the Payment Services Directive 2 (PSD2) in Europe, which mandates Strong Customer Authentication (SCA) for many online transactions.
Enhanced security - The protocol uses dynamic authentication methods and allows for more data to be exchanged between the merchant and the card issuer, which helps in making better decisions on whether to approve, decline, or challenge a transaction.
How it works
When a customer makes a payment on a website or mobile app that uses 3DS 2.0, the following process typically occurs:
- Transaction initiation - The customer begins the payment process by entering their card details.
- Data sharing - The merchant sends transaction data, including details about the cardholder, device, and transaction, to the card issuer.
- Risk assessment - The issuer assesses the risk of the transaction. If it’s deemed low risk, the transaction may proceed without further authentication.
- Challenge or authentication - If the transaction is considered high risk, the customer is prompted to complete an additional authentication step, such as entering a password, biometric verification, or an OTP.
- Transaction completion - Once the authentication is successful, the transaction is approved, and the payment is processed.
Availability
See table below for availability by country.
| Country | Brands | EBANX * Authentication | External Authentication |
|---|---|---|---|
 Brazil |     | check_circle_outline | check_circle_outline |
 Chile | | check_circle_outline | check_circle_outline |
 Colombia | | check_circle_outline | check_circle_outline |
 India | | check_circle_outline | highlight_off |
 Kenya | | check_circle_outline | highlight_off |
 Mexico | | check_circle_outline | check_circle_outline |
 Nigeria | | check_circle_outline | highlight_off |
 Peru | | check_circle_outline | check_circle_outline |
 South Africa | | check_circle_outline | highlight_off |
Using authentication via EBANX SDK Authentication or EBANX Direct API Authentication
Integration this feature
Still need help?
We hope this article was helpful. If you still have questions, you can explore the following options:
- Merchant support: Contact our support team at sales.engineering@ebanx.com for assistance.
- Not a partner yet? Please complete the Merchant Signup Form, and our commercial team will reach out to you.