What is 3D Secure (3DS)?
3D Secure (Three-Domain Secure) is a protocol designed to add an additional layer of authentication for online card transactions. It involves three domains:
- Issuer Domain: The bank that issued the card.
- Acquirer Domain: The merchant’s bank.
- Interoperability Domain: The infrastructure facilitating the transaction (e.g., Visa, Mastercard).
Versions
- 3DS1: Introduced static password-based authentication.
- 3DS2: Enhanced user experience with biometric and risk-based authentication, supporting mobile and app-based payments.
Benefits
- Reduces fraud in card-not-present transactions.
- Helps meet regulatory requirements such as SCA.
- Enables frictionless authentication for low-risk transactions.
What is the Payment Services Directive (PSD)?
The Payment Services Directive (PSD) is a European Union regulation that governs payment services and providers. It has two iterations:
- PSD1 (2007): Established a single market for payments in the EU.
- PSD2 (2015): Expanded scope to include third-party providers and introduced SCA.
Key Objectives
- Promote innovation and competition in financial services.
- Enhance consumer protection and transparency.
- Mandate secure authentication for electronic payments.
What is Strong Customer Authentication (SCA)?
Strong Customer Authentication (SCA) is a security requirement under PSD2 aimed at reducing fraud and making electronic payments safer.
Authentication Criteria
SCA requires at least two of the following:
- Knowledge: Something the user knows (e.g., password).
- Possession: Something the user has (e.g., phone).
- Inherence: Something the user is (e.g., fingerprint).
Applicability
SCA is required for:
- Accessing payment accounts online.
- Initiating electronic payments.
- Any action performed through a remote channel that may carry a risk of payment fraud.
Exemptions
- Low-value transactions.
- Recurring payments with fixed amounts.
- Transactions to trusted beneficiaries.
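The two rules above, the "two distinct categories" criterion and the exemption list, are the logic a payment service provider's authentication service has to encode. The following is an added example, not code from the page or from any real PSP: a small policy evaluator that checks whether the presented factors satisfy SCA (two factors from the same category, such as a password plus a PIN, do not count) and otherwise looks for one of the three exemptions named above. The numeric low-value limit, the currency and the trusted-payee list are configurable assumptions; the page states no thresholds, and in practice the issuer can still challenge a transaction even when the merchant claims an exemption.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, FrozenSet, Iterable, Optional


class Factor(Enum):
    """The three SCA authentication categories."""
    KNOWLEDGE = "knowledge"    # something the user knows (password, PIN)
    POSSESSION = "possession"  # something the user has (phone, card)
    INHERENCE = "inherence"    # something the user is (fingerprint, face)


@dataclass(frozen=True)
class Transaction:
    amount: float
    currency: str
    payee_id: str
    recurring_fixed_amount: bool = False  # fixed-amount recurring payment


@dataclass(frozen=True)
class ScaPolicy:
    # Hypothetical, configurable values: the page gives no numeric thresholds,
    # so a real deployment must take these from its regulatory configuration.
    low_value_limit: float = 30.0
    low_value_currency: str = "EUR"
    trusted_payees: FrozenSet[str] = frozenset()


def sca_satisfied(factors: Iterable[Factor]) -> bool:
    """True only if factors from at least two DISTINCT categories were verified.

    Deduplicating through a set is the important step: a password and a PIN
    are both KNOWLEDGE, so ["KNOWLEDGE", "KNOWLEDGE"] collapses to one category
    and correctly fails the check.
    """
    return len(set(factors)) >= 2


def exemption_reason(txn: Transaction, policy: ScaPolicy) -> Optional[str]:
    """Return the name of the first applicable exemption, or None."""
    if txn.currency == policy.low_value_currency and txn.amount <= policy.low_value_limit:
        return "low_value"
    if txn.recurring_fixed_amount:
        return "recurring_fixed_amount"
    if txn.payee_id in policy.trusted_payees:
        return "trusted_beneficiary"
    return None


def decide(txn: Transaction, factors: Iterable[Factor], policy: ScaPolicy) -> Dict[str, str]:
    """Decide whether a transaction may proceed, is exempt, or needs a challenge.

    Outcomes:
      authenticated - SCA already satisfied by the presented factors
      exempt        - SCA not satisfied, but an exemption applies
      challenge     - step-up authentication (e.g. a 3DS challenge) is required
    """
    if sca_satisfied(factors):
        return {"outcome": "authenticated", "reason": "two_factor"}
    reason = exemption_reason(txn, policy)
    if reason is not None:
        return {"outcome": "exempt", "reason": reason}
    return {"outcome": "challenge", "reason": "sca_required"}


if __name__ == "__main__":
    # Constructed sample policy and transactions for a stand-alone run.
    policy = ScaPolicy(trusted_payees=frozenset({"utility-co"}))
    samples = [
        (Transaction(250.0, "EUR", "shop-x"), [Factor.KNOWLEDGE, Factor.POSSESSION]),
        (Transaction(250.0, "EUR", "shop-x"), [Factor.KNOWLEDGE, Factor.KNOWLEDGE]),
        (Transaction(20.0, "EUR", "shop-x"), []),
        (Transaction(80.0, "EUR", "utility-co"), []),
    ]
    for txn, factors in samples:
        print(txn.amount, txn.payee_id, [f.value for f in factors], "->", decide(txn, factors, policy))
```

The design choice worth noting is that `decide` checks the presented factors before looking for an exemption: an exemption only avoids a challenge, it never downgrades a transaction that was already properly authenticated, and a transaction that is neither authenticated nor exempt is sent to the challenge path rather than silently approved.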
Interrelation of 3DS, PSD, and SCA
| Component | Purpose | Connection |
|---|---|---|
| 3DS | Authentication protocol | Implements SCA for card payments |
| PSD | Regulatory framework | Mandates SCA and governs payment services |
| SCA | Security requirement | Enforced under PSD2, supported by 3DS |
These elements work together to create a secure and compliant environment for electronic payments, particularly within the European Economic Area.