© 2019 Phronesis Technologies Ltd   |   contact@phronesis.net   |   Tel: +44 7539 272271

Phronesis Technologies Ltd are registered in the United Kingdom number 10726796

3D-Secure v2 and the problem with 2FA

3D Secure (3-Domain Secure) was introduced by the PCI as a security standard for online transactions. Backed by Visa, Mastercard, American Express, UnionPay, Discover and JCB, the protocol was designed specifically as an extra layer of security for card-not-present transactions online. You may know it in the form of “Verified by Visa” and “MasterCard SecureCode”, the box that pops up when you complete a purchase online.


Fraudsters are targeting card-not-present transactions. Consumers still tend to pick easy-to-remember passwords, which are simple for fraudsters to breach.


Version 1.0 of 3D Secure did improve security, but at the expense of the customer experience. The system authenticates cardholder information, usually requesting a password or PIN. These extra steps in the process are not a great experience, and the service is only available in browser-based transactions. This leads to a more frustrating customer experience, and a tangible drop in sales conversions (users simply cannot complete the transaction, or give up when they cannot remember their password).


3D Secure V2.0 (image courtesy of Visa)

Version 2.0 of 3D Secure has been introduced. The aim of the new standard is to further secure these transactions, whilst at the same time improving the customer experience and adding mobile applications into the mix. The system now allows for replacements for passwords, such as:

1. Biometric identification - face, fingerprint or voice recognition

2. 2FA (2 Factor Authentication) – using a username and password, but also something the user has unique access to, for instance a phone.

3. Risk-based authentication – allows issuers to make decisions based on additional data about the transaction, merchant and cardholder


The introduction of 3D Secure Version 2.0 will bring about stronger authentication, mobile transactions and an improved user experience.


However, Phronesis believes there are still some improvements that can be made. As an example, 2FA still has the potential to be intercepted and falsified by fraudsters due to the nature of SMS and email as the communications medium.


SOLUTION

Organisations implementing 3D Secure v2.0 standards will need to consider a number of elements during rollout. Phronesis has designed a number of solutions that will enhance and simplify the implementation:

1. When using 2FA, our Communicate product can run additional checks on the SMS or email to ensure that the phone has not been subject to a recent SIM swap, or Call Forward event, and then validate the 2FA message.

2. For Risk-based authentication, our Assure product uses our proprietary Network Biometrics™ to determine whether the customer is real, live and active, is not subject to an account or device change, and is acting with expected usage behaviours.

3. For lower level risk transactions, our Discover product offers a simple, fast and non-invasive validation. For higher level risk transactions, our unique Acidity Score™ adds an extra level of authentication and conducts a greater range of checks and validations.

Customers such as banks and merchants introducing 3D Secure v2.0 standards in partnership with Phronesis will achieve faster, easier and more certain results.


For more information on how Phronesis can help with 3D Secure and 2FA enhancements, please visit www.phronesis.net or contact +447539272271.