What is the difference between 3-D Secure version 1 and 2?

 3-D Secure v1 will be sunset starting October 2021 (fully retired October 2022). In the interest of security, and to ensure your transactions meet the PSD2 mandate, you must immediately migrate your solution to use 3-D Secure version 2 (EMV 3DS). Click here to learn how.

Migrating to EMV 3DS will likely lead to an increase in authentication approvals on your site, as improvements to security checks performed in the background reduce the need to challenge customers to take additional steps to prove their identity. Challenges have also been made faster and easier for legitimate customers to complete, as EMV 3DS can allow them to authorise a transaction using their banking app, or through biometric security such as fingerprint/facial recognition (if their bank supports it), and exemptions can be applied to bypass authentication in certain lower-risk scenarios (contact your acquiring bank for further information on exemptions).

The original 3-D Secure standard was launched in 2001. It was an important step taken by the banking and e-commerce industry to protect businesses and their customers from fraud. While remaining a popular method of securing online checkouts, there have been many changes in the way customers make purchases online since 3-D Secure was first introduced. More than ever, consumers expect a secure and frictionless checkout experience, with which they can complete payments on their device of choice (be that a desktop computer or smartphone).

The latest version of EMV 3-D Secure, version 2, was introduced in late 2019 to address these new demands. It enables you to further strengthen the security of your checkout, allowing for intelligent authentication which is faster and easier for your customers than ever before. Read the table below to learn how:

Version 1 Version 2
  3-D Secure version 1 is compliant with PSD2 for now, but will be sunset starting October 2021, after which liability protection for attempted authentications will be lost.   3-D Secure version 2 is compliant with PSD2.
  In the event of a dispute with the transaction at a later date, the card issuer may take financial responsibility for the chargeback, but with reduced protection available from October 2021.   In the event of a dispute with the transaction at a later date, the card issuer will take financial responsibility for the chargeback in most instances.
  Allows for checking of a basic set of metadata and session data during the transaction, and is more likely to interrupt customers to perform authentication.   Checks a richer set of metadata and session data during the transaction, allowing most payments to be processed without interruption.
  Authentication using PIN or passwords that the customer may struggle to remember, leading to lower conversion rates.   Authentication can be performed with biometrics (fingerprint/facial recognition) or sending a code to a customer's mobile device (two-factor authentication), leading to improved conversion rates.
  Minimal support for modern mobile devices.   Comprehensive support for modern mobile devices.
  More expensive scheme fees.   Cheaper scheme fees.
Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request