Two-Factor Authentication, or 2FA, is a way of confirming the user's identity by checking two out of three security elements. It is a subset of Multi-Factor Authentication and requires exactly two of those elements. The security elements are something the user knows (PINs, passwords), something the user owns (phone, card), or something the user is (fingerprint, face recognition).
3D Secure 1.0, also known as 3DS1, is a protocol launched by VISA in 2001 to add an additional security layer for online payments. VISA users are familiar with it under the name Verified by Visa, but the protocol is also used by other major card schemes, including MasterCard, Amex, JCB, and Diners Club. Authentication is done by using a password or PIN during checkout as an additional step for verifying the cardholder's identity. This protocol was originally designed for browsers and had poor performance on mobile devices.
3D Secure 2.0, also known as 3DS2, is a new version of the protocol motivated by issues with the initial version, 3DS1. By having access to enriched transaction and customer data, 3DS2 enables risk assessment and frictionless online payments (no need for cardholder (CH) authentication). Moreover, it introduces additional authentication methods, including biometrics, and provides a smooth user experience on mobile devices.
The 3D Secure protocol is an eCommerce authentication protocol enabling secure processing of online payment, non-payment, and account confirmation card transactions.
3DS Requestor is a 3D Secure component responsible for initiating the 3D Secure Authentication Request within a purchase flow, i.e., the 3DS Requestor initiates the AReq message.
3D Secure SDK is software designed to facilitate cardholder authentication within a merchant's app, allowing a fully in-app experience. In order to verify the cardholder's identity during an in-app purchase, the 3DS SDK initiates the challenge flow and displays authentication windows to the cardholder.
3DS Server is a 3D Secure component present on the Merchant and Acquirer side. Its role is to:
- Handle online transactions and facilitate communication between the 3DS Requestor and the Directory Server (DS)
- Validate the Directory Server (DS), the 3DS SDK, and the 3DS Requestor
- Authenticate the Directory Server (DS)
3RI transactions, also known as merchant-initiated transactions, were introduced in 3D Secure 2. They offer merchants the possibility to generate the authentication data necessary for customer authentication without the end user being directly involved in the process, for example, in recurring transactions like subscriptions. 3RI transactions enable merchants to reference the previous authentication where the customer was actually involved.