The new protocol comes with substantial improvements that are set to reshape the checkout experience for users and merchants. What’s new with ‘3DS2’:
No authentication steps
With EMV 3DS, EMVCo has gotten rid of the cumbersome authentication requests that turned so many users down. When a transaction is trusted, users just hit Buy and wait for the payment confirmation message. When a transaction is suspicious, or the issuer doesn’t think it is legitimate, the user will have to authenticate herself with something she is familiar with such as a fingerprint scan, making the authentication step that much more seamless. However, in some scenarios (e.g., regulated markets) EMV 3DS will require the issuer to also authenticate trusted consumers.
The smartphone, that piece of tech we can’t be without, was not around when the old version came out. The new EMVCo specification is mobile friendly and integrates with mobile apps as well as with browser-based environments.
More transaction data
The new protocol gathers up to 150 data points to evaluate a transaction (compared to the 15 data points 3DS had access to). Some of these data points are required and others are optional. However, the more information merchants decide to share with issuers, the higher the issuer’s decision accuracy will be.
Merchant 3DS opt-out
EMVCo offers a compromise for those who want to have access to the protocol but also decide when and how to use it. With the EMV 3DS’ Data Only option, merchants can choose which transactions they send through the protocol and which ones they don’t. By opting out, they can still send the additional sets of transaction data to issuers to influence their decision.