The three most frequently asked questions about 3-D Secure 2 and Saferpay

We provided you with comprehensive information on the topics of 3-D Secure 2, the second European Payment Services Directive PSD2 and its future impact on e-commerce at the beginning of 2019. Reminder: The Payment Services Directive PSD2 sets out stricter rules for payments. When making online payments, customers are required to confirm their identity using two of three different criteria (strong customer authentication).

Given the continued strong interest in this topic and the large number of queries relating to the integration and implementation status of Saferpay, we will address the three most frequently asked questions in this blog post.

Saferpay was one of the first PSPs on the market to start performing 3-D Secure 2 authentication as early as in May 2019. Since then, we have been continuously monitoring the acceptance rate of the new process among all players in the payment traffic ecosystem. Our goal was and still is to only switch our customers to the new 3-D Secure 2 process if we observe a stable acceptance rate that is at least equal to that of the old 3-D Secure 1 process.

Issuer readiness: We are currently seeing growing numbers of issuers going live with their 3-D Secure 2 systems and registering their credit cards for the new process. New systems can cause some difficulties at the beginning of the lifecycle. Cardholders also need to become familiar with the new process. As a result of these and other factors, the number of 3-D Secure 2 authentications is rising. At the same time, however, the acceptance rate still varies a great deal.

Acceptance rates: The most discussed advantage of 3-D Secure 2 – the so-called "frictionless flow" – which allows smooth authentication without additional cardholder interaction, is supported by the issuers. Around 58% of all 3-D Secure 2 authentications are "frictionless" and have a high acceptance rate of around 90%. By contrast, the so-called "challenge flow", in which the cardholder is asked for extra authentication, leads to a reduction in the acceptance rate. It has been shown that cardholders sometimes cancel the authentication process themselves if they receive incomprehensible instructions for authentication by their card issuer.  

Summary: Saferpay continuously monitors the "readiness" of all participants in the 3-D Secure 2 process and automatically activates 3-D Secure 2 for all merchants in countries where the acceptance rate generally has no negative impact on business. We use the current acceptance rate of 3-D Secure 1 for comparison purposes. The "readiness" largely depends on how many issuers have implemented and tested their 3-D Secure 2 processes, as well as how many are currently setting up their systems and the overall quality of the implementation.

We will continue to monitor the progress of the issuers and changes in the acceptance rate closely to offer you an optimal conversion rate with the highest level of security and fraud protection.

Your transactions may already be processed using 3-D Secure 2 if we have activated this for your country. You can view the authentication version (1 or 2) in the transaction journal on the "Journal Detail" page.

Various articles and publications on 3-D Secure 2 also discuss the amount of new data that merchants are required to send for each transaction. No new data points have been implemented in the new integration interface in Saferpay for the following reasons:

1. We are minimising the impact on existing integrations: The launch of 3-D Secure 2 in 2019 was associated with many challenges. This in turn has led to some doubts among users. Therefore, our objective is to keep the implementation and upgrade costs for our merchants as low as possible. Only the data points required for authentication are sent and our merchants are therefore not required to make any further integration changes to use 3-D Secure
   
   
2. We make every effort to make the process as hassle-free for our customers as possible: Whenever possible, Saferpay will search for the necessary data without requesting it from the merchant. This applies, for example, to various browser and device data that is required in accordance with the EMVCo specification.
   
   
3. We recommend which data to send: The risk analysis systems of issuers learn better and faster if they are supplied with certain additional data. We therefore strongly recommend sending cardholder data such as delivery and billing addresses.
   
   
4. We will continuously adapt Saferpay in accordance with further developments: The transaction analysis of the issuers, which assesses whether a transaction can be excluded from the "challenge flow", will become increasingly sophisticated in the future and will require additional data for an optimal risk assessment. Saferpay will keep pace with these developments and offer the opportunity to meet these requirements. It is always important to consider whether this will benefit our customers.