An official MasterCard announcement informing the audience about its plan to transition all customers to EMV 3DS 2.0 before the decommission date of 3DS 1.0 is turning heads. To clear up steps for the issuer side, Asseco brings you a pain-solution overview of the transition and a timeline leading to this current transition.
VISA introduced 3D Secure (3DS) back in 2001 to provide merchants and issuers a way to authenticate the cardholder for eCommerce payments. EMVCo, in collaboration with Visa and industry stakeholders, brings an update, referred to as 3D Secure 2.0 (3DS 2.0). EMVCo released the specification in October 2016, with an updated version, 2.1.0, published in October 2017, and version 2.2.0 published in December 2018.
With EMVCO initially introducing 3D Secure 2.0, the announcement states that 3D Secure is in the phase-out stage and will no longer have support after 31.12.2020.
In the same timeline, we have PSD2, demanding Strong Customer Authentication, Transaction Dynamic Linking, Transaction Risk Analysis with SCA exemption; applied at all electronic payment channels. 3D Secure 2.0 and the newest releases have covered those PSD2 requirements and ensured that issuers, acquirers, and merchants that deploy 3D Secure are fully compliant with PSD2 on eCommerce and mobile payment channels.
However, only the EU region is in the scope of PSD2. This means that non-EU countries, issuers, and merchants do not have to follow PSD2. That is the reason why 3D Secure has much lower adoption outside of the EU. The card scheme also left possibilities for many regions to have 3D Secure 2.0 migration prolonged.
There were rumors that the initial 3DS1 phase-out date by EMVCo will be prolonged for a long time. Finally, MasterCard issues the announcement AN 3391 Mastercard Customer Roadmap to Transition from 3DS 1.0 to EMV 3DS (2.0); where 14 October 2022 is the end of support for 3DS1 at lease MC Identity Check program. So far, there is no announcement from VISA.
Prolongation of the issuer transition period is causing headaches for issuers who need to manage two independent ACS systems and buyers who will face different user experiences for the next two years. Buyers are getting familiar with frictionless transactions, and they welcome it, but frictionless transactions are standardly apply only to 3DS2.
To unify buyer user experience and reduce cart abandonment rate in check out with 3DS1 authentication; with proper Risk Scoring solution; issuers can adopt Risk Scoring to 3DS1 as well. To ensure efficient Risk Scoring and improve UX, the best option is to use a single Risk Scoring solution for ACS1 and ACS2. With ASEE 3DS Risk Scoring module, issuers can integrate both ACS1 and ACS2 services. And, with appropriate risk scenarios, grant frictionless transactions for 3DS1 checkout. This will improve UX for all eCommerce and mobile merchants who are outside of the EU; and don't have to support 3DS2 in the transition period.
To get more insight, we also handpicked the following articles regarding the transition: