3D Secure 2.0 (3DS 2.0) and Strong Customer Authentication (SCA)
Online card fraud is a growing concern for any business dealing with online payments and so, to help protect our Glint cardholders we have deployed additional security measures.
3D Secure is a security protocol that aims to prevent fraud by authenticating cardholders in card-not-present transactions.
We have enabled 3D Secure 2.0 (3DS 2.0) which will add an extra layer of identity confirmation before you use your Glint card online.
3DS 2.0 is an important part of our journey, and Mastercard are planning to phase out 3DS 1.0 in October 2022.
SCA will help make your online payments more secure for users and reduce fraud.
3D Secure is a security protocol that aims to prevent fraud by authenticating cardholders in card-not-present (CNP) transactions. We enabled 3D Secure 2.0 (3DS 2.0) to add an extra layer of identity confirmation before you use your card online.
If you are using your card in person at point of sale or are at an ATM, 3DS 2.0 will not apply.
3DS 2.0 will give Glint cardholders additional peace of mind that their Glint card is not being misused by fraudsters.
How 3DS 2.0 works:
There are two payment scenarios for 3DS 2.0: frictionless flow and challenge flow.
3DS 2.0 reduces friction in the payment flow compared to its predecessor 3DS.
3DS 2.0 helps recognise you and verify your device. 3DS 2.0 can be used to authenticate transactions from smartphones, wearables, gaming consoles – virtually any device that can be used for eCommerce.
Data required to authenticate a user and approve a transaction is exchanged in the background. You will see no additional requests (hence its name – frictionless!). No customer interaction is required for authentication.
Online merchants share transaction data with Glint which is analysed in the background, in milliseconds without you being impacted.
Your experience can be fast, easy and most importantly – secure!
External studies estimate that up to 95% of transactions should qualify as frictionless.
eCommerce transactions are screened against risk elements such as:
- value of the transaction;
- whether you are a new or existing Glint cardholder;
- your transactional history;
- behavioural history; and
- your device information.
You can expect to see added security for larger, less frequent, or riskier transactions. This is to help protect you.
For higher risk transactions you will be challenged to enter a unique one-time code – this is challenge flow, and it aims to assist verification.
A unique one-time code will be sent by SMS (text) to the mobile phone number you have registered on your Glint account. Once you have entered the correct code you will be able to complete your online transaction.
3DS 2.0 gives you an additional layer of security if your Glint card is lost or stolen.
How 3DS 2.0 is being adopted:
Regulators in the UK and Europe want to control fraud without exposing consumers to poor eCommerce checkout experiences – which is why 3DS 2.0 will be the new standard for all online payments within UK and Europe. If online businesses in the UK or Europe do not switch to 3DS 2.0 they will see an increase in rejected payments.
What happens when an online merchant does not accept 3DS 2.0?
Each eCommerce merchant will have to decide whether to implement 3DS 2.0 or not. If a merchant or online business does not switch to 3DS 2.0 it will face a serious increase in rejected payments which can lead to online cart, bag or basket abandonment.
Glint will soft decline transactions that we are unable to authenticate via 3DS 2.0. Merchants will receive and analyse soft declines so as to better understand their declines rates. This will lead to greater adoption of 3DS 2.0.
The following are some common challenge flow scenarios:
New Glint Card:
An online merchant detects that a new Glint card is being used for a transaction by a Glint client with no transactional history.
Challenge flow (authentication process) will likely be required.
Card used before at a merchant:
An online merchant (example FarFetch or Tesco’s online) already has your Glint card on their system and you have previously made payments through their platform.
You will likely not see any challenge.
Card used before at an online merchant, but you are using a new device:
If you have a purchase history with an online merchant (example Sainsbury’s online) but you are using a new device (not previously used at that online merchant) then the merchant may decide to require 3DS 2.0 authentication as there is now an unknown variable in the transaction (the new device).
Can I opt out?
No. UK and European legislation requires the implementation of SCA and 3DS 2.0 is the common standard. Therefore, it will not be possible to disable 3DS 2.0 which is a security standard.
Remember 3DS 2.0 helps prevents fraud, false declines whilst improving your online experience. It is also a key technical solution for our regulatory compliance with SCA.