Payments Dialog: Compliance with 3DS2

On this episode of Payments Dialog, we provide an overview of 3D Secure 2 (3DS2) and how Payments Orchestration helps keep your organization in compliance.

We interview Janna Johnson, product manager at Spreedly who addresses topics like the shift between 3DS and 3DS2 and what's new, how 3DS2 helps reduce fraud, and how Payments Orchestration can help scale your 3DS2 solution.

‍

‍

Questions about your payments compliance needs and how Spreedly can help with Payments Orchestration? Reach out to us here.

‍

Rough transcript of Payments Dialog:

Peter Mollins:

Hi there. This is Peter Mollins with Spreedly and welcome to another edition of Payments Dialog. In Payments Dialog, I get the chance to talk to payments experts and folks working in the payments space to talk about interesting topics around payments. So today we're going to be talking with Janna Johnson about 3DS2 and what Spreedly is doing to solve for 3DS2. So Janna, welcome to Payments Dialog.

Janna Johnson:

Thank you. I'm excited to be here.

Peter Mollins:

Excellent. Well, for those folks that haven't had a chance to hear from you before, would you mind just giving a quick intro and what you focus on at Spreedly?

Janna Johnson:

Yeah, so I'm a product manager here at Spreedly over our integrating team, but my main focus for the past eight months has been everything 3DS2 related. So I'm excited to give you guys a little more information.

Peter Mollins:

Terrific. Well Spreedly of course is as we all know is a payments orchestration vendor, so it helps companies to connect to and optimize their payments infrastructure by connecting to multiple payments services. Now, 3DS2 of course is an important standard when it comes to payments. Maybe can you give our listeners a bit of background on what exactly 3DS2 are?

Janna Johnson:

Yeah. So the first iteration of 3DS actually came about in 1999, and then in 2001, you see card networks beginning to implement it with branded under their own name, such as verified by Visa or MasterCard identity check. But since then, there's been a lot of changes in the e-commerce market. So 3DS needed to move with the trends as well. Obviously back then in 1999, the only place that you could order online was from your personal computer. And obviously now we have mobile devices and different apps that allows you to do so. So it really needed this revamping.

So EMVCo came up with 3DS2 in 2018, which really has all of those changes that the marketplace had been needing. So with 3DS2 it improves the fraud screening experience while also improving the customer experience as well. And it requires that, in addition to your primary account number that you require something that you have, something that you know, or something that you are such as a biometric, like using your fingerprint to show that you truly are the card holder when you were in that checkout experience.

Peter Mollins:

Got it. So, 3DS2 really is the successor to 3DS', I guess, as the name implies. Maybe can you give a bit more detail about the shift between 3DS and 3DS2 and what's new? What's changed?

Janna Johnson:

Yeah. So there are lots of notable improvements. Like I said, one, you can now perform 3DS on a mobile SDK, which you did not have that capability in 1999, and it really does greatly improve the customer experience. So probably one of the most notable improvements is that with 3DS2, it introduces this idea of a frictionless checkout flow. So with 3DS1, nearly every single transaction, in order to authenticate yourself, you'd be taken to a completely new tab and your banks tab, and you would have to log into your bank account using a static password. And a lot of people don't even remember what that password is. So they tend to drop out of that checkout flow. So with 3DS2, now behind the scenes, 10 times more data is being sent to the access control server so that a transaction risk analysis can be performed to deem if the transaction, how risky it is or not.

So it's sending things like what device you're on, what time zone and a whole bunch of information about the browser. So it's a much more robust picture of what's happening during that checkout flow. And with all of that information, it's projected that about 90% of transactions are going to be able to go through this frictionless flow. So the user is not interrupted at any point. Then for the remaining 10% of transactions that are deemed at a higher risk, there still is that step up challenge, but it could be, it's something a lot more invasive than being taken out to a different tab. And it's more so a popup in your window where you might be sent a text message and then asked to enter in this one-time passcode to authenticate yourself. So you never have to actually leave the merchant's checkout screen, which really does make for a much better experience.

Peter Mollins:

Got it. So it sounds like if merchants and platforms were able to work with that standard or work with that approach, then they're reducing the amount of friction in the purchase. And then also they're getting the benefits of reduced fraud. I imagine that's also a big benefit of 3DS2, isn't it?

Janna Johnson:

Yeah, exactly. You're going to see fraud rates improve, and then also a big change, decreases your cart abandonment rates as well.

Peter Mollins:

Got it. Yeah. And I imagine for companies that have recurring businesses or where they're expecting a customer to keep coming back, that's going to be a huge win for them. So sounds great. Now Spreedly, of course is as a payments orchestration vendor, but how does Spreedly itself help to meet those compliance mandates around 3DS and 3DS2?

Janna Johnson:

Yeah. So Spreedly's 3DS2 solution, one of the biggest benefits of it is because we are a payments orchestration layer, and we are connected to so many different gateways across the world. You can scale your 3DS2 solution. You're not restricted to just one payment gateway. So if you connect with us, you register only one time with the 3DS, our 3DS2 solution. And then you have over 10 different 3DS2 supported gateways on our platform that you can route your transactions to. And so that makes it so that you don't have to register individually with each different 3DS2 solution with various gateways. You register once with us, and now you have access to multiple different gateways for these 3DS2 authenticated transactions.

Peter Mollins:

Got it. So because you're able to connect to those multiple payment gateways, you're able to still take advantage of payments orchestration and the value that really brings around payments orchestration.

Janna Johnson:

Yeah, exactly. And our new solution also comes with EMVCo certified iOS and Android SDKs as well, so that you can use it not only on your browser, but merchants can implement these 3DS SDKs in their apps as well. So you can scale to different gateways, but also through different devices as well. So it meets a lot of different needs.

Peter Mollins:

Great. And with payments orchestration, I always hear some of the big value points around it, some of the pains that it's addressing are around international expansion and being able to service multiple geographies as you're entering into them. And one thing you always hear about with 3DS2 or I often hear about is about a European focus, but do you think it's a Europe only thing, or do you also hear about it in Latin America and other geographies?

Janna Johnson:

Yeah, so currently the big focus is in Europe. That's when the deadline's coming December 31st and then in March for the UK, but you are seeing Brazil in particular in Latin America. They are really putting a focus on 3DS2 and also Australia as well. So it's not mandated in those other locations, like I mentioned yet, but it's definitely coming around and I wouldn't be surprised if it is required within the next year and in one of those places.

Peter Mollins:

Right. And is that seen as a way to reduce fraud, is that a major reason for them?

Janna Johnson:

Yeah, exactly. It's to reduce fraud. That is particularly a problem that you're seeing in those larger markets in Latin America, like I mentioned in Brazil, and then also Australia as well. So it is a great tool to help improve those success rates while keeping it a safe customer experience and those card details safe throughout the transaction process.

Peter Mollins:

Well, that sounds great. So if someone finds this interesting and wants to find out more details, what are the resources that Spreedly have around payments orchestration and 3DS2?

Janna Johnson:

Yeah. So we have multiple blogs up on the Spreedly blog. So you can see one that's particularly focused on our mobile SDK solution. And then one also on browser, one post on general, the background and PSD2 regulations if you just kind of need a more broad idea of 3DS2, and we're going to be compiling all of those blogs into one roll up so it's easier to find. And we also have a fireside chat payments FN talk with one of our retailers and how they solved for 3DS, so that's a great resource as well, to hear some really intelligent people talking about 3DS2, what's going on in the market and how they solved for it. So we have lots of different things up on our blog that you can check out.

Peter Mollins:

Well, terrific. Well, this, really enjoyed the chance to connect, and I appreciate all the insight around 3DS2 and how Spreedly can help. So, Janna, thank you.

Janna Johnson:

Thank you, Peter. I enjoyed it.

Peter Mollins:

Excellent. Well, we'll speak again. And for more Payment Dialogs, please do check out the Spreedly blog where you can find them. A lot of different conversations that we have. And if you're interested in joining the conversation, feel free to reach out and we'd be very happy to connect and would love to have the conversation with yourselves about instant payments topics. So again, thanks for joining and see you next time.

‍

Download the PCI Compliance eBook Below