VGS Collect and 3DS

3D Secure is an additional authentication layer that helps build a secure checkout experience and make online credit and debit transactions safer. It has been used since 2001 and remains the most popular protocol for online purchases.

It is important to note that the industry introduced the next-generation 3D Secure 2 (aka EMV 3D Secure) solution, which included flow improvements. For those in the European Economic Union (EEU), the standards set by 3DS2 can be used to satisfy strong customer authentication (SCA), a set of 2FA requirements that went into effect in September 2019 as part of the latest implementation of the Payment Services Directive (PSD).

Advantages

• Helps prevent unauthorized CNP transactions

• Reduces fraud and chargeback risk

• Increases spending online

How does it work?

This security protocol functions on a 3-domain model, in which the domains are:

• Acquirer domain - who’s going to get the money

• Card issuer domain

• Interoperability domain - allows the acquirer domain and the card issuer to exchange data.

In order to authenticate a user and complete a transaction, the cardholder is asked to provide unique information such as a password, code, or temporary PIN. The full 3DS authentication process would look like this:

1. Collect card information

2. Redirect to 3D Secure page provided by the card issuer

3. Additional Security Authentication

4. Redirection to the merchant's site

5. Payment confirmation

3D Secure 1 vs 3D Secure 2

With 3DS version 1, the merchant leads users to the authentication page on their bank’s website, where they should require additional security measures for access (e.g. password or code sent to the user’s phone). Experiencing the friction that these operations cause undermines the product’s user experience, making it less smooth while leaving a bad impression - especially for native applications.

The main goal of 3D Secure version 2 is to build an effortless checkout experience and add support for innovative authentication on mobile devices (using fingerprint or face recognition). Moreover, 3DS2 collects from more data points to evaluate access, which means you can pass 10X more information such as shipping information, device ID, history, etc. The more information you have, the higher chances of successful authorization.

Does VGS Collect support 3DS?

VGS Collect allows you to securely collect data from your users without having to have that data pass through your systems. Our secure field solution is a “middleware” between your apps’ client-side and server. Data from the secure form will be submitted to your vault URL endpoint or CNAME, but not to the payment processors’ API directly. This way, 3D Secure is handled on your side as a transaction request and it will be configured on your end.