3D secure and PSD2 regulations
What is 3D secure?
3D secure (also known as 3DS) is an online fraud prevention measure.
It acts as an added layer of security when taking card payments - as well as knowing the card information (number, cardholder name, expiry date and security code) payments authenticated with 3DS require the customer to perform an additional authentication step.
3DS comes in two versions.
Version 1 is what is commonly known as 'Verified by Visa' and 'MasterCard Securecode' - i.e. the customer is prompted to enter a password.
Version 2 is a new standard, launched in 2018 and rolled out in 2019 which offers different authentication methods, e.g. the customer is sent a verification code by SMS or is asked to authenticate a transaction by logging into their internet banking account.
Does ShopWired support 3DS 1 and 3DS 2?
There are two types of payment gateways available on ShopWired.
Type 1 - customers are kept on your website to enter payment information (direct integration gateways).
Type 2 - cudtomers are transferred to the payment gateway website to enter payment information (hosted gateways)
Direct Integration Gateways
ShopWired supports 3DS 1 on all direct integration payment gateways that it offers.
For the Stripe payment gateway, we support 3DS 2.
Whether or not 3DS 1 or 3DS 2 is supported on the hosted payment gatways that ShopWired integrates with is the responsibility of the payment gateway.
Whilst we cannot confirm the status of this for each payment gateway, ShopWired is not aware of any payment gateways that don't support either the 3DS 1 or 3DS 2 standard.
PSD 2 Regulations
The European Union adopted the proposals of the European Commission to create a safer and more innovative European payments architecture in 2015 and published the Payment Services Directive (PSD) update (known as PSD2).
PSD2 mandates banks and other financial institutions to adopt Strong Customer Authentication mechanisms in payment and financial systems.
For online payments, PSD2 mandates the use of either 3DS 1 or 3DS 2 when a transaction is processed unless the issuing bank waives the requirement or the online payment is out of scope.
In practice, you can assume that the PSD2 regulations mean that most online payment transactions between you and your customers will require authentication using 3DS.