Relieve the Pain and
Win the Gain of
3D-Secure 2.2 Upgrade!
Dubravko Kovačić
Product Manager, Asseco SEE
Zdravko Barec
Solution Sales Specialist, Payten
All attendees will be on mute during the webinar to avoid background noises.
You can type your questions into the Q&A box and we’ll address them during
the Q&A session at the end.
Webinar will be recorded and you can expect the recording next week.
Important information before we begin.
Agenda
3D secure basics.
User experience improvements.
New features.
E-Commerce trends
Source: eMarketer, Jan 2020
Benefits of using 3D secure
3D secure brings benefits for all involved parties in the eCommerce with payment cards
Cardholders
• 3D secure gives them peace of mind and increased confidence while using their payment cards
Acquirers
• Easier chargeback process with 3D secure due to liability shift
Merchants
• Granted liability shift while using 3D secure mitigates merchants' risk
Issuers
• 3D secure brings decreased online fraud and low amount of disputed transactions
Challenges of 3D secure
3D secure also brings challenges in the eCommerce with payment cards
• 3D secure requires additional steps by the cardholder to perform eCommerce transactions – requires additional time and effort.
• 3D secure can be a showstopper of eCommerce transactions if the cardholder cannot authenticate (lost his token or mobile phone, forgot static password, etc.) – the cardholder might abandon shopping and use another way to pay.
3D Secure roadmap
3D secure is an interoperable three-domain solution for enabling cardholder authentication when paying online
• 1999, 3DS 1.0.2: Introduced by VISA to prevent eCommerce fraud
• 2016, EMV 3DS 2.1: Defined by EMVCo to align with EU PSD2 regulation
• 2018, EMV 3DS 2.2: Designed to offer best possible user experience with minimal friction
3D Secure fulfills PSD2 demands
• PSD2 requires Strong Customer Authentication (SCA) on all electronic channels, proximity, mobile and web payment within European Economic Area (EEA) with acceptable exemptions.
• SCA recommended to be applied even outside of EEA
[Figure labels: Card scheme’s 3DS programs; EMVCo 3DS; PSD2 (e-commerce channels)]
Card networks 3D secure v2.x rules (Europe)
Majority of card networks adopted 3D secure v2.x
From 1st of September 2019*
• Mandate EMV 3DS 2.0 and Identity Check Program or alternative technical SCA
solutions for all issuers; all BIN ranges must be enrolled
• Mandate EMV 3DS 2.0 and Identity Check Program or alternative technical SCA
solutions for all acquirers and their online merchants
*AN 1533—Revised Safety and Security Standards Roadmap for Select Countries in Central and Eastern Europe Generated
on 14 November 2018
From 14th of March 2020
• Visa EMV 3DS 2.1 mandate for Issuers
From H2 / 2020
• Visa EMV 3DS 2.2 mandate for Issuers (14th of September)
• Visa EMV 3DS 2.2 mandate for Acquirers (16th of October)
Buyers prefer UX over security?
Baymard Institute research from 2019 shows that two thirds of purchases are abandoned, with 23% of people citing complicated checkouts as the reason.
UX tools in 3D Secure v2.0/2.1
• Mobile app. based purchase and payment
• Transaction risk analysis
• Advanced authentication
New UX tools in 3D Secure 2.2
The new upgrade is focused on minimizing buyer actions and reducing authentications!
Card scheme targets 80% frictionless transactions
• MERCHANT WHITE LISTING
• MERCHANT EXEMPTION
• DECOUPLED AUTHENTICATION
• CARD SCHEME RISK SCORING
• MIT EXCLUSION
Strong Customer Authentication
• SMS OTP
• Dynamic linking
• Push
• QR code
• Biometry
• Out of band
• Decoupled
Exemptions
• Low value transactions
• Transaction Risk Analysis
• Secure Corporate Payment
• Merchant White List
• Recurring transactions
• Merchant exemption
Merchant White List
Buyer can add a merchant to their own white list and skip SCA on subsequent purchases
• Faster and more convenient payments
• Better user experience
The second Payment Service Directive (PSD2) in the European Economic Area (EEA) countries and the related Regulatory Technical Standards (RTS) allow payers (cardholders) to ‘white list’ trusted beneficiaries to exempt them from Strong Customer Authentication (SCA). This white listing of merchants is also allowed for card payments.
Merchant White List roles
Issuer
• Creates the list of eligible merchants for the Merchant white list which will be offered to the buyer
• Requests SCA for adding a Merchant to the white list
• Monitors transactions at the white listed merchants for SCA step-in in case higher risk is indicated (different device, different delivery address, etc.)
• Keeps an eye on the Merchant fraud rate
Buyer
• During the transaction, confirms putting the Merchant on the white list to avoid SCA at the following transactions
• Possibility to add or remove a Merchant to/from the white list via m-banking or other banking channels
• Proceeds with SCA when adding a merchant to the white list
Merchant
• Communicates benefits of White Listing to its end-clients
• Always initiates payment with 3DS authentication
Adding Merchant to the list during payment transaction
[Figure panels: Same authentication screen; Additional screens]
Available MWL options
• One authentication for MWL and purchase or separate authentications for MWL and purchase
• ACS API interface for managing and deleting merchant from white list via mbanking or web banking channels
New feature in 3DS 2.2
Merchants requesting MWL
• EMV 3DS 2.2 allows merchants to request white listing as part of the authentication transaction
• After white listing, merchants can optionally use the white list exemption in subsequent EMV 3DS 2.2 authentication requests
• A merchant can check their white listing status using EMV 3DS 2.2 3RI (3DS Requestor Initiated) messages
White listing eligible candidates
• Batch file input - issuer makes independent analysis (for instance in authorisation or back office) and imports a batch with eligible merchants
• Automatic ACS collection based on data in 3DS authentication requests
  • 3DSRequestorAuthenticationData with values
    • 02/authentication using merchant credential
    • 03/authentication using federated ID
    • 05/authentication using 3rd party authentication
    • 06/authentication using FIDO authenticator.
  • ShipIndicator with value 02/ship to verified address on file.
  • CardholderAccountAgeIndicator with values
    • 03/ Less than 30 days
    • 04/ 30−60 days
    • 05/ More than 60 days.
• Automatic ACS collection based on MC extension data - Merchant fraud rate
• Merchant white list exemption request
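Added example (not from the presentation and not Asseco SEE's ACS code): one way an ACS could apply the indicator values listed above to incoming authentication requests and propose white list candidates per merchant. The EMV 3DS JSON element names used for the slide's three indicators, the per-merchant thresholds and the sample messages are assumptions made for illustration.

```python
from collections import Counter

# Indicator values copied from the slide. The JSON element names are the
# assumed EMV 3DS equivalents of the slide's descriptive names.
ELIGIBLE = {
    ("threeDSRequestorAuthenticationInfo", "threeDSReqAuthMethod"): {"02", "03", "05", "06"},
    ("merchantRiskIndicator", "shipIndicator"): {"02"},
    ("acctInfo", "chAccAgeInd"): {"03", "04", "05"},
}

MIN_QUALIFYING = 3   # assumption: issuer policy threshold, not from the slides
MIN_SHARE = 0.8      # assumption: minimum share of qualifying requests


def failed_signals(areq):
    """Return the indicators this request does NOT satisfy.

    A missing object, a missing field or a non-string value counts as a
    failure, so incomplete requests never help a merchant qualify.
    """
    failed = []
    for (obj, field), allowed in ELIGIBLE.items():
        container = areq.get(obj)
        value = container.get(field) if isinstance(container, dict) else None
        if not isinstance(value, str) or value not in allowed:
            failed.append(field)
    return failed


def collect_candidates(areqs, min_qualifying=MIN_QUALIFYING, min_share=MIN_SHARE):
    """Return the sorted merchant IDs that may be offered for white listing."""
    seen, good = Counter(), Counter()
    for areq in areqs:
        merchant = areq.get("acquirerMerchantID")
        if not merchant:
            continue  # cannot be attributed to a merchant, so it is ignored
        seen[merchant] += 1
        if not failed_signals(areq):
            good[merchant] += 1
    return sorted(m for m in seen
                  if good[m] >= min_qualifying and good[m] / seen[m] >= min_share)


def make_areq(merchant, method, ship, age):
    """Build a constructed, minimal AReq-like dict; None leaves the element out."""
    msg = {"messageType": "AReq", "messageVersion": "2.2.0"}
    if merchant is not None:
        msg["acquirerMerchantID"] = merchant
    if method is not None:
        msg["threeDSRequestorAuthenticationInfo"] = {"threeDSReqAuthMethod": method}
    if ship is not None:
        msg["merchantRiskIndicator"] = {"shipIndicator": ship}
    if age is not None:
        msg["acctInfo"] = {"chAccAgeInd": age}
    return msg


# Constructed sample traffic, not real transaction data.
SAMPLE_AREQS = [
    # M-A: every request carries all three signals
    make_areq("M-A", "06", "02", "05"),
    make_areq("M-A", "02", "02", "04"),
    make_areq("M-A", "03", "02", "03"),
    # M-B: guest checkouts (account age 01) never qualify
    make_areq("M-B", "02", "02", "01"),
    make_areq("M-B", "02", "02", "01"),
    make_areq("M-B", "02", "02", "01"),
    # M-C: unverified address, then a missing authentication element
    make_areq("M-C", "06", "01", "05"),
    make_areq("M-C", None, "02", "05"),
    make_areq("M-C", "06", "02", "05"),
    # M-D: enough qualifying requests, but only 3 of 5 overall
    make_areq("M-D", "06", "02", "05"),
    make_areq("M-D", "06", "02", "05"),
    make_areq("M-D", "06", "02", "05"),
    make_areq("M-D", "01", "02", "05"),
    make_areq("M-D", "06", "03", "02"),
    # No merchant ID: ignored
    make_areq(None, "06", "02", "05"),
]

if __name__ == "__main__":
    print(collect_candidates(SAMPLE_AREQS))
```

Whatever thresholds an issuer picks, the list produced here is only the set of merchants offered to the buyer; adding one still goes through SCA, as the roles slide states.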
MasterCard Smart authentication
[Figure labels: ACS risk scoring only; MC risk scoring only; Higher risk; Lower risk]
In the MC 2.1+ Message extension, Mastercard provides an additional risk assessment that the ACS can consider in risk scoring for SCA exception
• Banks will be more confident to enable frictionless flow for transactions that MC indicates as low risk
• Bank can configure how to take MC risk scoring into account together with ACS risk assessment
• Supported only for MC
Decoupled authentication
Enables authentication for Merchant Initiated Transactions (MIT) or 3DS Requestor Initiated Transactions (3RI) and MOTO transactions.
Up to 3DS v2.2, such transactions were necessarily excepted from SCA or used for non-payment transactions.
• Authentication is separated from the payment transaction
• Authentication is initiated when the cardholder is offline
• Configurable maximum waiting time for authentication (up to a few days)
Out of Band authentication process (push)
• Buyer initiates purchase transaction
• Merchant (3DSS) sends authentication request
• ACS requires SCA
• Buyer receives push message
• Buyer authenticates transaction using mobile token
• Merchant (3DSS) receives authentication response and proceeds with authorization
Decoupled authentication process
• Merchant initiates purchase transaction
• Merchant (3DSS) sends authentication request
• ACS requires SCA
• Buyer gets auth request on his mobile banking account
• Buyer logs into mbanking
• Buyer opens authentications in queue and approves one or more
• Merchant (3DSS) receives authentication response and proceeds with authorization
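Added example (not from the presentation and not the vendor's 3DS Server): a sketch of how a 3DS Server could track a decoupled authentication so that authorization is released only after a positive result arrives within the configured waiting time. The element names (threeDSRequestorDecReqInd, threeDSRequestorDecMaxTime, transStatus, threeDSServerTransID), the 10080-minute upper bound and the class names are assumptions based on EMV 3DS 2.2 and do not appear on the slides.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

MAX_DEC_MINUTES = 10080  # assumption: upper bound of threeDSRequestorDecMaxTime (7 days)


def decoupled_fields(max_wait_minutes):
    """AReq elements asking the ACS for decoupled authentication."""
    if not isinstance(max_wait_minutes, int) or not 1 <= max_wait_minutes <= MAX_DEC_MINUTES:
        raise ValueError("max wait must be 1..%d minutes" % MAX_DEC_MINUTES)
    return {"threeDSRequestorDecReqInd": "Y",
            "threeDSRequestorDecMaxTime": "%05d" % max_wait_minutes}


@dataclass
class PendingAuth:
    trans_id: str
    deadline: datetime
    state: str = "PENDING"  # PENDING -> AUTHENTICATED | FAILED | EXPIRED


class DecoupledTracker:
    """Hypothetical 3DS Server component; all timestamps are passed in."""

    def __init__(self):
        self._auths = {}

    def on_ares(self, ares, max_wait_minutes, now):
        """Record the ACS answer to the AReq; 'D' means the result comes later."""
        status = ares.get("transStatus")
        if status == "D":
            state, deadline = "PENDING", now + timedelta(minutes=max_wait_minutes)
        elif status == "Y":
            state, deadline = "AUTHENTICATED", now
        else:
            state, deadline = "FAILED", now
        trans_id = ares["threeDSServerTransID"]
        self._auths[trans_id] = PendingAuth(trans_id, deadline, state)
        return state

    def on_rreq(self, rreq, now):
        """Apply the final result the ACS sends once the buyer has acted."""
        entry = self._auths.get(rreq.get("threeDSServerTransID"))
        if entry is None:
            return "UNKNOWN"      # unsolicited result never creates an authentication
        if entry.state != "PENDING":
            return entry.state    # a repeated result cannot change a final state
        if now > entry.deadline:
            entry.state = "EXPIRED"
        elif rreq.get("transStatus") == "Y":
            entry.state = "AUTHENTICATED"
        else:
            entry.state = "FAILED"
        return entry.state

    def may_authorize(self, trans_id, now):
        """Fail closed: only an in-time positive result releases authorization."""
        entry = self._auths.get(trans_id)
        if entry and entry.state == "PENDING" and now > entry.deadline:
            entry.state = "EXPIRED"
        return bool(entry) and entry.state == "AUTHENTICATED"


if __name__ == "__main__":
    # Constructed timeline: buyer approves in mbanking 20 hours after the request.
    t0 = datetime(2020, 6, 1, 12, 0, tzinfo=timezone.utc)
    tracker = DecoupledTracker()
    print(decoupled_fields(2880))
    print(tracker.on_ares({"threeDSServerTransID": "tx-1", "transStatus": "D"}, 2880, t0))
    print(tracker.on_rreq({"threeDSServerTransID": "tx-1", "transStatus": "Y"},
                          t0 + timedelta(hours=20)))
    print(tracker.may_authorize("tx-1", t0 + timedelta(hours=21)))
```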
Our 3D Secure portfolio
• ACS server
• 3DS Server
• Mobile SDK
• Risk scoring engine
• Authentication
Asseco SEE TriDES2 is a complete solution for issuing and acquiring institutions that want to reduce the risk of fraudulent online payment transactions with Strong Customer Authentication.
Thank you!
→ Dubravko.Kovacic@asseco-see.hr
→ Zdravko.Barec@payten.com
Legal disclaimer
The content presented in this presentation is subject to copyright protection and has the ownership title. Texts,
graphics, photographs, sound, animations and videos as well as their distribution in the presentation are protected
under the Copyright and related rights Law. Unauthorized use of any material contained in the presentation herein
may constitute an infringement of copyright, trademark or other laws. The materials in this presentation may not be
modified, copied, publicly presented, executed, distributed or used for any other public or commercial purposes,
unless the Board of Asseco South Eastern Europe S.A. gives consent in writing. Copying for any purpose, including
commercial use, distribution, modification or acquisition of the contents of this presentation by third parties is
prohibited. Moreover, this presentation may contain reference to third-party offers and services. Terms of use for
such offers and services are defined by these entities.
Asseco South Eastern Europe S.A. assumes no responsibility for the conditions, contents and effects of the use of
offers and services of these entities. The data and information contained in this presentation are for information
purposes only. Presentation was prepared with the use of Inscale company products.
The name and logo of Asseco South Eastern Europe S.A. are registered trademarks. Use of these marks requires prior
express agreement of Asseco South Eastern Europe S.A.
2018 © Asseco South Eastern Europe S.A.
