We currently use two protocols to authorise your payments:
- Direct Authorisation: we send the payment request without any authentication.
- 3DS 1.0 server: we force a redirection of the user to their issuing bank where they need to authenticate themselves, generally through the SMS-OTP (One-Time Password).
The choice between one route and the other is based on specific rules. The two routes are strictly binary, with no intelligence applied.
Due to the new requirements for online payments, the regulation has required the industry to adapt the 3DS 2.0 protocol to:
- Take into account the exemptions which allow frictionless payments
- Provide a mobile-friendly authentication method to improve user experience
Exemption management and Frictionless experience
3DS 2.0 takes into account the new exemption requests. Whenever an exemption is accepted, the cardholder will pay without having to complete an SCA. This is called the Frictionless Payment experience.
How does the frictionless experience work?
On the payment page, you collect the data from your user and send it to MANGOPAY. You may request either a frictionless experience or an SCA.
If you request a frictionless experience, MANGOPAY will use the available information to select the best exemption.
- If the issuing bank accepts, you will benefit from a frictionless experience where your user is directly redirected to the payment confirmation page.
- If the issuing bank refuses, your user will have to complete an SCA.
You will still be able to request the SCA on any payment. However, to guarantee a good conversion rate, we recommend that you apply the frictionless experience to as many payments as possible.
How to benefit from it?
The PSP or acquiring bank must justify the exemption by providing sufficient data to the issuer (i.e. the cardholder’s bank).
To do so, MANGOPAY will:
- Transmit more information: e.g. internal fraud rates of the platform.
- Create new fields for card pay-ins so that platforms may send us the necessary information.
N.B. MANGOPAY will keep its clients updated on the new parameters.
New authentication methods based on new technologies will be set up. They will be available without any redirection and included in updated mobile-friendly SDKs by MANGOPAY, expected at the end of 2019. They will improve the user experience by avoiding a redirection to the issuing bank’s page and allow new authentication means such as:
- Biometry on mobile
- In-banking app authentication
Please note that the implementation of these new methods of authentication depends on each issuing bank.
3DS 2.2 - The future of 3D Secure
Following the adoption of 3DS 2.0 by European payment institutions, 3DS 2.2 is expected to replace 3DS 2.0. As part of this change, we expect the SMS One-Time Password to come to an end by the end of 2021 because it is not officially recognised as an SCA.
3DS 2.2 is expected to bring:
- Additional device compatibility
- Improved exemption management: enable trusted beneficiaries and improve risk analysis thanks to more payment parameters
- Enhanced user experience within the banking application authentication (out of band)
MANGOPAY’s roadmap is described below.
The next steps
For the Industry
3DS 2.0 is a major change for the industry and it will take some time for all actors to adapt to the changes and connect to the 3DS 2.0 servers. Therefore, most regulators have published transition plans in order to boost the switch without harming the industry:
- The BAFIN (German regulator) declaration
- The FCA (British regulator) declaration
- The EBA (European Banking Authority) declaration
At the moment, like all payment industry actors, we cannot guarantee that your transactions will be handled with 3DS 2.0. Some banks have announced significant delays which block our implementation. Once the transition period is over, we will be able to route 100% of the card payments to the new 3DS server and manage all the necessary exemptions.
In the meantime, MANGOPAY will continue to guarantee your payments thanks to a “smart routing” tool. This tool will enable us to choose the best path for your payments: 3DS 2.0, 3DS 1.0 or direct authorisation.
Most of the work for 3DS 2.0 will be done by MANGOPAY. Indeed, as your unique interface to the banking network, we will do all the connections and exemption management for you.
However, to make the most of the exemptions, we recommend that you:
- Adapt card Pay-ins to benefit from exemptions by integrating the new parameters which we will provide (coming soon).
- Maintain a robust anti-fraud strategy: A new parameter has appeared in the industry under the name “merchant score”. Depending on your score, you will have access to different levels of exemption. We, therefore, encourage you to keep a robust anti-fraud strategy.
If you use the web direct pay-in checkout template:
- Adapt the checkout page for 3DS 2.X. Online platforms that use the web direct pay-in will have to modify the new template. We will contact those platforms directly.
If you use a mobile app:
- New SDKs will be available to have a homogeneous 3DS redirection on the app.