What is SaaS 3D Secure 2.0?
3D Secure 2.0 is an authentication protocol used by SaaS and software companies to verify a user’s identity during online payments. It is a revision of the 3D Secure protocol, and its new features relate to consumer fraud protection. These include biometric authentication using smartphones or smartwatches, and advanced fraud detection systems.
Merchants need to be fully compliant with the 3D Secure 2.0 standard to avoid potential payment processing issues.
How exactly does 3DS2 authentication work?
The 3DS2 process relies on exchanging a large amount of information so that risk can be assessed in real time.
- When the customer clicks on the ‘pay’ button, the system generates 100 pieces of information, including the device ID, the transaction history, and the shipping address, and sends them to the cardholder’s bank.
- This information is processed instantly by the bank’s risk engine.
- If the data aligns with the user’s established patterns, the transaction proceeds without requiring user intervention. However, if the transaction is deemed high risk (such as a large purchase from a new IP address), the bank issues a “challenge,” such as a biometric scan or a one-time passcode.
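The decision described in the steps above can be sketched as a toy issuer-side check. This is an added illustration, not code from the 3DS2 specification or from any bank: the field names, the four signals and the two-signal threshold are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass

@dataclass
class Profile:            # issuer's view of the cardholder's established patterns
    known_devices: set
    known_ips: set
    known_shipping: set
    typical_max_amount: float

@dataclass
class AuthRequest:        # a small subset of the data sent when the customer clicks "pay"
    device_id: str
    ip: str
    shipping_address: str
    amount: float

def risk_signals(req, profile):
    """List the ways this request deviates from the cardholder's profile."""
    signals = []
    if req.device_id not in profile.known_devices:
        signals.append("new_device")
    if req.ip not in profile.known_ips:
        signals.append("new_ip")
    if req.shipping_address not in profile.known_shipping:
        signals.append("new_shipping_address")
    if req.amount > profile.typical_max_amount:
        signals.append("large_amount")
    return signals

def decide(req, profile, challenge_threshold=2):
    """Return ("frictionless" | "challenge", signals). Threshold is an assumption."""
    signals = risk_signals(req, profile)
    outcome = "challenge" if len(signals) >= challenge_threshold else "frictionless"
    return outcome, signals

# Constructed sample data (documentation IP ranges, made-up device IDs).
PROFILE = Profile({"dev-a1"}, {"203.0.113.10"}, {"1 Example St"}, 200.0)
USUAL = AuthRequest("dev-a1", "203.0.113.10", "1 Example St", 49.0)
RISKY = AuthRequest("dev-a1", "198.51.100.7", "1 Example St", 1500.0)

if __name__ == "__main__":
    for name, req in (("usual", USUAL), ("risky", RISKY)):
        print(name, decide(req, PROFILE))
```

The large purchase from a new IP address trips two signals and is challenged, while the request that matches the profile passes without user intervention.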
What exactly has changed in the shift from 3D Secure to 3D Secure 2.0?
The main difference is in the user experience and the amount of data exchanged. 3D Secure (1.0) was notorious for its poor redirection experiences and the ‘Verified by Visa’ boxes that would crash on mobile devices, leading to high cart abandonment.
| Feature | 3D Secure 1.0 | 3D Secure 2.0 (3DS2) |
| --- | --- | --- |
| User experience | Forced redirects and popups | Integrated, “frictionless” flow |
| Data points | Minimal (approx. 15) | Extensive (100+) |
| Mobile support | Poor (browser-based only) | Native SDKs for apps & mobile |
| Authentication | Static passwords | Biometrics, SMS, and RBA |

3DS2 replaces the old system’s general ‘one size fits all’ challenge with Risk-Based Authentication (RBA), which allows most legitimate users to skip the verification step.
How does the new frictionless flow eliminate redirects and reduce cart abandonment?
One of the characteristics of SaaS payments is their capacity to run verifications in the background, while maintaining the frictionless payment flow. 3DS2 achieves this by using the merchants’ existing checkout interface to complete the payment without the user having to leave the page.
Since authentication is performed through an invisible data exchange, the customer does not leave the checkout process. This level of simplicity may have a correlation with conversion rates.
A Visa study shows that 3DS2 can save up to 85% of checkout time compared to the 1.0 version, keeping the user engaged and preventing the “frustration exit” common in legacy systems.
How do the new in-app capabilities enhance the mobile user experience?
3DS2 was created as a ‘mobile-first’ experience. It offers native Software Development Kits (SDKs) that allow SaaS companies to integrate authentication into their iOS and Android apps.
- Native UI: Verification screens match the app’s look and feel, preventing user alarm.
- Biometric Integration: Customers can complete the authentication process through FaceID or built-in fingerprint sensors.
- No Pop-ups: It avoids the mobile browser compatibility issues that plagued 1.0.
- Faster Loading: Direct app-to-bank communication speeds up the verification significantly.
How does 3D Secure and the transition to 3DS 2.0 impact chargeback management and the liability shift?
A potential effect of using 3DS2 is a change in liability regarding chargebacks resulting from fraud. This shifts the burden of proving fraud with sufficient evidence to the card-issuing bank and makes it more difficult for SaaS merchants to challenge chargebacks. This is significant for SaaS merchants as chargebacks due to fraud can significantly impact their cash flow.
The merchant is protected by the liability shift in most jurisdictions, even in frictionless transactions (meaning where no challenge was made).
This is particularly crucial for SaaS companies that offer subscription-based digital content, where credit card details are frequently collected.
Applying 3DS2 involves a division of fraud prevention and detection responsibilities, with banks taking on a portion, an approach that shows a correlation with chargeback rate and cost reduction.
Conclusion
3D Secure 2.0 brings a number of benefits for SaaS companies by way of enhancing security, improving the user experience, and reducing chargebacks. These advantages are reflected in the improved cash flow of the company, as well as in the increased trust and competitiveness in the ever-changing environment of online transactions.
3D Secure 2.0 compliance is more of a business opportunity than just a compliance issue.