What is 3DS 2.0?

3DS stands for 3-D Secure, is a protocol developed and maintained to provide the framework for online credit and debit card verification. Products built on this protocol include Verified by Visa, MasterCard SecureCode, Discover ProtectBuy and American Express SafeKey.

Why are additional security measures in place for EU-based cardholders?

On September 14, the revised Payment Services Directive (PSD2) will require additional authentication called Strong Customer Authentication (SCA) for customers making purchases online. This additional authentication adds an additional layer of security and confidence for customers when purchasing online.

How is CCBill supporting the additional authentication requirements of PSD2?

CCBill has implemented the 3DS protocol across all payment forms, as well as our log in and pay system, CCBill Pay. For any customer where this additional authentication is required, CCBill will authenticate the customer with 3D Secure 2 using a passcode, pin number, or biometric input depending on what the customer’s bank supports.

What is Strong Customer Authentication (SCA)?

European laws require the use of SCA for online payment processing. Whenever an EU cardholder makes a payment online, SCA is initiated. Prior to PSD2, an EU consumer could have just entered their card number and CVC, however now they are required to verify the payment with SCA.

The most important feature of SCA is two-factor authentication (2FA). Two-factor authentication significantly reduces the risk of fraudulent transactions, as it requires two or more pieces of information to authorize a payment. 2FA combines the use of something you know (e.g., account credentials) and something you have (e.g., biometrics) to authorize a payment.

Factors of authentication for 2FA

Is the additional Strong Customer Authentication required for non-European customers?

No, it is only mandatory for cards issued by EU-based banks.

Do EU consumers need to authenticate each time they make a transaction?

Customer will need to complete the secure customer authentication for any new, initial purchase but 3DS 2.0 brings improvements to the authentication process by allowing the background exchange of data. This allows businesses to provide a seamless buying experience for consumers including storing of card information to facilitate future purchases such as rebills and promotional sales.

Is SCA required when a Consumer is adding a payment method in CCBill Pay?

Yes, if the cardholder’s bank supports 3DS 2.0 authentication, they will be asked to authorize the addition of a payment card to their CCBill Pay account.

As a CCBill Merchant, will I see any benefits to having 3DS enabled?

You may see lower chargeback rates for all purchases performed by EU-based cardholders. 3DS will reduce the risk of fraudulent transactions and thus lead to less chance of dealing with chargebacks.

Do I need to create new CCBill payment forms to comply with the 3DS 2.0 regulations?

No, there is no need to create new forms. All existing payment forms will automatically employ 3DS 2.0 features.

Where can I find more information on 3-D Secure 2.0?

EMVco maintains the 3-D Secure protocol. Please refer to their EMV 3-D Secure page for more details.