How Delegated Authentication and Payment Authentication work with PSD2



In 2019, banks started phasing in support for 3D Secure 2, which includes a number of enhancements over the previous 3D Secure protocol, 3D Secure 1. Although 3D Secure 1 enhanced security, 3D Secure 2 enhances the cardholder experience and is upgraded to support smartphone payments.

This new version features frictionless authentication, reducing cardholders’ difficulties while making card purchases, minimizing fraud, and bolstering the security of online transactions, creating strong customer authentication solutions. 3D Secure 2 enhances the authentication process by including the challenge directly into the checkout process without transferring the cardholder to extra authentication sites.

3D Secure 2 is the main way to comply with Europe’s new Strong Customer Authentication (SCA) standard, which mandates enhanced security. The SCA rule mandates the use of 3D Secure to secure transactions. To do business in Europe, you must implement a higher level of authentication. 3D Secure provides this extra protection without significantly affecting the cardholder experience.

If online payment is successfully validated using 3D Secure, the merchant is not responsible for later chargebacks resulting from fraud. If a cardholder disputes a transaction as fraudulent, the merchant’s obligation passes to the card issuer. Moreover, if a cardholder challenges a transaction for a reason other than fraud, the merchant remains liable. It would help if you were prepared to prevent and handle conflicts in these situations.

There are rare instances in which 3D Secure-authenticated transactions do not transfer responsibility to the issuer, such as when an account encounters significant fraud. 3D Secure-authenticated transactions cannot be contested as fraudulent; nevertheless, the issuer may examine a transaction by requesting further information.

Strong Customer Authentication (SCA), sometimes a challenge, may be applied to every 3D Secure authentication request from a requestor or merchant. This choice is the most compatible with regulations and risk-free, but also the most limited. This option is optimal if all 3DS authentication requests must be contested and neither Delegated Decisioning nor Automated Decisioning is employed to make a determination.

Choose Delegated Decisioning if you want complete control over 3D Secure authentication decision-making as well as monitoring, reporting, and auditing needs. This option grants full control over 3D Secure decision-making to your systems. Delegated Decisioning enables you to omit low-risk authentication requests based on system- and region-specific risk criteria.

Below is an infographic from LoginID entitled “How Delegated Authentication and Payment Authentication work with PSD2.”