No more excuses, 3DS2 has arrived


No more excuses, 3DS2 has arrived and retailers will fall behind unless they comply.

After many delays, the main credit card companies such as Visa and Mastercard stopped accepting 3-D Secure (3DS) version 1 transactions across the world in the middle of October. It was largely phased out in the UK in March and the shift to 3DS2 has already had a positive impact. 

The shift was meant to improve security and make frictionless online and in-store shopping experiences easier for consumers, and it is clearly working. According to a report from Barclaycard, 73% of retailers have seen a decline in online payment fraud.

Worryingly though, the same report found that 28% of businesses are still not fully compliant with the regulation and £2.07 million in sales are being declined daily due to payments being routed through non-secure channels. 

Retailers have had years, albeit difficult years, to prepare. However, compliance has demanded both financial investment and time to ensure that the resources needed to meet the protocol are in place. Some retailers are obviously still struggling to get up to speed, but they must now think less about the work they need to put in or the cost that compliance demands, and more about lost sales if they fail to comply or the damage to their reputations if customer payments are refused.

Customers have got used to two-factor authentication when they are transacting online, and they appreciate the additional security that measures like 3DS2 bring. The onus is on retailers to deliver the data points that are demanded by the protocol. If retailers include more of them in their payment string, for example, they will quickly see that authentication requests reduce. Yes, there might be some adjustments to their ERP and shop systems, but they will reap the rewards when it comes to conversions.

It’s important to note that 3DS2 processes are not actually mandatory in the UK, but Strong Customer Authentication (SCA) is, and 3DS2 is considered the easiest and most effective solution to comply with it. There are some exemptions, which include:

  • Merchant-initiated transactions, which retailers initiate at a later date with the consumer’s consent
  • Low value payments, under £45, but only if the retailer doesn’t ordinarily struggle with fraud, or their payment service provider has demonstrably low levels of fraud on its platform 
  • If a consumer regularly uses an eCommerce site, for example to do their weekly food shopping, and ‘whitelists’ the site 
  • Corporate payments made between organisations, but not individuals or cards issued to employees 
  • Direct debits, such as subscription payments, which will ordinarily only require SCA for the first payment. 

It’s not just retailers who have had to adjust their systems and processes, but also payment service providers (PSPs) and banks. For PSPs like Computop this was essential in order to ensure retailers had access to compliant systems, without which the benefits of 3DS could not be realised. In fact, adoption of 3DS has been easily as impactful on the consumer payment ecosystem as the introduction of Chip & PIN in 2006. Its complexity, coupled with the difficulties of the pandemic lockdowns, is the reason why delays have happened, and why the Financial Conduct Authority has provided more leniency when it comes to compliance.

Now, however, retailers must get on board. 3DS2 will benefit both customers and retailers. It will bring down the number of fraudulent payments and result in a safe shopping experience. Any retailer who has not yet caught up would be wise to prioritise 3DS2 now and not wait until their customers ask why their payments are not being authorised. 

By Ralf Gladis, CEO, Computop