Support for 3-D Secure version 1.0.2 (3DS 1) comes to an end globally on October 16, 2022. If you haven't yet upgraded to EMV® 3DS, it's time to take action.
Believe it or not, 3DS 1 has been around since 1999. Back then, eCommerce was a fledgling retail channel and almost all online shopping was done using desktop computers.
Fast forward more than 20 years and the online shopping landscape has changed dramatically. eCommerce volumes have skyrocketed and consumers now shop using phones, tablets, or even smart home devices. However, since 3DS 1 wasn't designed with all those devices in mind, the customer experience hasn’t been as good as it could be, and we think it's fair to say that 3DS 1 is no longer fit for purpose.
To continue providing your customers with a secure and seamless shopping experience, it's time to upgrade to EMV® 3DS if you haven’t yet done so.
Why it's crucial to upgrade before October 16
Although issuers stopped supporting the attempts server in October 2021, merchants have continued to benefit from the liability shift. This will change on October 16, 2022 when support for 3DS 1 is discontinued. From that date on, merchants who stay on 3DS 1 will:
- No longer get a response to authentication requests;
- Experience more failed transactions owing to lack of data;
- Become liable for fraudulent transactions.
For these reasons, it's important that you switch to EMV® 3DS—and there are lots of other benefits, too. Here are just a few:
Device agnostic. EMV® 3DS is device agnostic, so users get the same great experience no matter their device or digital channel.
10x more data. Enhanced data exchange with EMV® 3DS enables better fraud management as issuers can make more informed risk and authorization decisions. This reduces friction for customers and is of particular value in sectors like travel and tourism, where multiple parties may be involved in authorization.
Biometrics support. EMV® 3DS allows biometric authentication wherever issuers support it. This means better customer experiences as it eliminates the need to remember passwords, making eCommerce more intuitive and more like other smart device experiences.
Applying exemptions. Because increased data transparency boosts confidence, authentication exemptions can be applied, even in highly regulated eCommerce environments like the U.K. and EEA, where the revised Payment Services Directive's Strong Customer Authentication requirement (PSD2 SCA) applies.
A note about PSD2 SCA
If your business is subject to PSD2 SCA and you still rely on 3DS 1, you may already be experiencing issues. You're also unable to take full advantage of what PSD2 SCA has to offer.
Once you move to EMV® 3DS, the majority of these issues should go away. For example, you'll no longer experience declines on subscription payments. Once the first (customer-initiated) transaction in a subscription series is authenticated, subsequent merchant-initiated transactions will go through smoothly.
You'll also have more control over authentication. For example, you could request step-up authentication for all sales of high-risk products.
Upgrade now for EMV® 3DS benefits
Switch to EMV® 3DS before October 16, 2022 to ensure you avoid possible customer dissatisfaction, lost sales, and brand damage. You'll meet your acquirers' expectations while your customers enjoy a better brand experience on any device.
You'll also benefit from ongoing improvements to EMV® 3DS. It's already evolved through several versions, each with even more functionality. Once you're on EMV® 3DS, there's little effort involved in upgrading to the next version.
How do I make the switch?
The process will vary depending on whether you have a hosted checkout with Cybersource or you use an API to manage your own integration. To find out more:
- How do I update to EMV 3DS?
- Contact Cybersource’s support team or your account manager.
Note: EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.
Disclaimer: These materials and best practice recommendations are provided for informational purposes only and should not be relied upon for marketing, legal, regulatory or other advice.
Recommended marketing materials should be independently evaluated in light of your specific business needs and any applicable laws and regulations. Cybersource is not responsible for your use of the marketing materials, best practice recommendations, or other information, including errors of any kind, contained in this post.