Authentication with 3-D Secure version 1 was fully retired October 2022. If your solution has not been migrated to EMV 3DS (version 2) and you are located in a region where SCA is mandated, you may be liable for fraudulent chargebacks incurred on your account. Click here to learn how to enable EMV 3-D Secure version 2.
The original 3-D Secure standard was launched in 2001. It was an important step taken by the banking and e-commerce industry to protect businesses and their customers from fraud. While remaining a popular method of securing online checkouts, there have been many changes in the way customers make purchases online since 3-D Secure was first introduced. More than ever, consumers expect a secure and frictionless checkout experience, with which they can complete payments on their device of choice (be that a desktop computer or smartphone).
The latest version of EMV 3-D Secure, version 2, was introduced in late 2019 to address these new demands. It enables you to further strengthen the security of your checkout, allowing for intelligent authentication which is faster and easier for your customers than ever before. Read the table below to learn how:
| Version 1 | Version 2 |
| 3-D Secure version 1 is compliant with PSD2 for now, but will be sunset starting October 2021, after which liability protection for attempted authentications will be lost. | 3-D Secure version 2 is compliant with PSD2. |
| In the event of a dispute with the transaction at a later date, the card issuer may take financial responsibility for the chargeback, but with reduced protection available from October 2021. | In the event of a dispute with the transaction at a later date, the card issuer will take financial responsibility for the chargeback in most instances. |
| Allows for checking of a basic set of metadata and session data during the transaction, and is more likely to interrupt customers to perform authentication. | Checks a richer set of metadata and session data during the transaction, allowing most payments to be processed without interruption. |
| Authentication using PIN or passwords that the customer may struggle to remember, leading to lower conversion rates. | Authentication can be performed with biometrics (fingerprint/facial recognition) or sending a code to a customer's mobile device (two-factor authentication), leading to improved conversion rates. |
| Minimal support for modern mobile devices. | Comprehensive support for modern mobile devices. |
| More expensive scheme fees. | Cheaper scheme fees. |