3DS2 Visa Secure: What Is It and How Does It Affect My Business?
|Update as of 17 August 2022|
|Visa has withdrawn the proposed 3DS2 mandate so it is no longer mandatory for Merchants operating in Australia and New Zealand to have 3DS2.0 enabled by 15 October 2022 to continue transacting with Visa. However, we still strongly recommend having 3DS2 as an additional protection against fraudulent transactions. Contact us to talk through your options and find what works best for your platform and clients.|
Jump to a section
Visa Secure is a program by Visa that is designed to reduce the prevalence and severity of fraud for Merchants and businesses that transact using Visa. The rollout of 3DS2 is no longer mandated by Visa, meaning you do not need to have 3DS2 enabled to continue processing transactions after 15 October this year. However, Visa will still be sunsetting 3DS1.0 and only accepting 3DS2.0 transactions from the 15th October onwards.
EMV 3DS2 is an authentication protocol that was designed to reduce fraud, increase customer security and reduce merchant liability to chargebacks. The new 3D Secure 2 (3DS2) protocol has been developed to meet the requirements of the modern remote payments environment, including the mobile checkout experience, and is also the solution for European businesses to the upcoming Strong Customer Authentication (SCA) regulations.
The new 3D Secure 2 (3DS2) protocol has been developed to meet the requirements of the modern remote payments environment, including the mobile checkout experience.
3DS2 is designed to increase approval rates and reduce fraudulent transactions, such as enumeration attacks.
Enumeration attacks are a type of fraud attack in which a criminal ‘systematically submits transactions with enumerated values for the primary account number (PAN), Card Verification Value 2 (CVV2), expiration date and postal code to derive legitimate payment account details. This type of attack is commonly referred to as a brute force attack,’ Visa describes in their Australia 2021 Security Roadmap Launch.
3DS2 and the Visa Secure Program
3DS2 forms a crucial part of the Visa Secure Program. Visa have released a product roadmap and information detailing the changes to EMV 3DS2 and how it incorporates into their wider program. Click the button below to download a copy.
What is EMV 3DS2?
3DS2 is a more secure way to process payments and provides a better checkout experience for shoppers. Rather than requiring a multi-step verification process, including a one-time password, 3DS2 collates online activity, and analyses previous shopping behaviour to verify a transaction. Implementing 3DS2 has been shown to increase payment approval rates and decrease successful fraudulent transactions.
For more information on 3DS2, click here.
According to Visa, businesses who implement 3DS2 are already seeing positive results:
As Visa issuers in Australia have enabled Visa Secure [with 3DS2], the benefits of the additional data available to authenticate an online transaction have been realised. Domestic transactions have experienced an uplift in approval rates and a reduction in fraud. In addition, the Non-Payment Authentication feature to authenticate a Visa cardholder outside of the transaction has proven useful in cases such as ride hailing and fuel dispensing where the transaction occurs after the goods or services are provided.– Visa Security Roadmap, 2021-2023
Information Specific to Your Setup With Us
How to incorporate 3DS2 into your payments ecosystem
By activating 3DS2 with Payrix, all of your electronic card transactions, including Visa, Mastercard and Amex will be protected.
Depending on your relationship with us and the type of integration you have set up, the process to implement 3DS2 may change slightly. Click on the below scenario that matches your current integration setup with Payrix to find out more about how you can implement 3DS2.
If you are currently integrated with Payrix via REST API, you can view our API documentation here for the required steps to enable 3DS2:
This is an example of a Hosted Payment Page.
If you are using one of our Hosted Payment Pages you will not need to do any development or coding work on your side to have 3DS2 enabled. You simply need to contact us with your request to turn on 3DS2 and once activated, the payer will see 3DS2 as part of the checkout flow moving forward.
If you are using a SOAP integration and want to enable 3DS2, we recommend you contact us to speak through the required steps, as they will be different depending on your setup with us. You can use the contact form below, or get in touch with your account manager at Payrix via your usual channels.
At a high level, clients with a SOAP integration will need to replace their current card capture and transaction generation calls from SOAP, move to REST Tokenisation and Transaction Processing and then process 3DS 2as per the 3DS2 sub section: https://docs.rest.paymentsapi.io/#faff43cd-5e44-471c-ad23-64a1fd28f90f.
We encourage you to contact us to work through these items so we can assist you with the required development.