3DS Consumer Authentication

3DS stands for 3-D Secure, is a protocol developed and maintained to provide the framework for online credit and debit card verification. Products built on this protocol include Verified by Visa, MasterCard SecureCode, Discover ProtectBuy and American Express SafeKey.

On September 14, the revised Payment Services Directive (PSD2) will require additional authentication called Strong Customer Authentication (SCA) for customers making purchases online. This additional authentication adds an additional layer of security and confidence for customers when purchasing online.

CCBill has implemented the 3DS protocol across all payment forms, as well as our log in and pay system, CCBill Pay. For any customer where this additional authentication is required, CCBill will authenticate the customer with 3D Secure 2 using a passcode, pin number, or biometric input depending on what the customer’s bank supports.

European laws require the use of SCA for online payment processing. Whenever an EU cardholder makes a payment online, SCA is initiated. Prior to PSD2, an EU consumer could have just entered their card number and CVC, however now they are required to verify the payment with SCA.

The most important feature of SCA is two-factor authentication (2FA). Two-factor authentication significantly reduces the risk of fraudulent transactions, as it requires two or more pieces of information to authorize a payment. 2FA combines the use of something you know (e.g., account credentials) and something you have (e.g., biometrics) to authorize a payment.

What is two factor authentication

No, it is only mandatory for cards issued by EU-based banks.

Customer will need to complete the secure customer authentication for any new, initial purchase but 3DS 2.0 brings improvements to the authentication process by allowing the background exchange of data. This allows businesses to provide a seamless buying experience for consumers including storing of card information to facilitate future purchases such as rebills and promotional sales.

Yes, if the cardholder’s bank supports 3DS 2.0 authentication, they will be asked to authorize the addition of a payment card to their CCBill Pay account.

No. All transactions submitted before September 14 are considered out of scope for PSD2.

You may see lower chargeback rates for all purchases performed by EU-based cardholders. 3DS will reduce the risk of fraudulent transactions and thus lead to less chance of dealing with chargebacks.

No, there is no need to create new forms. All existing payment forms will automatically employ 3DS 2.0 features.

EMVco maintains the 3-D Secure protocol. Please refer to their EMV 3-D Secure page for more details.