Visa and Mastercard have announced that all support for their cardholder authentication programs 3DS 1.0 must be upgraded to the newer Version 2.0 by October 2022. At the same time, the payment gateway Authorize.net has announced that it will no longer support cardholder authentication programs like Verified by Visa and Mastercard Secure Code in the form of 3DS 1.0 or 3D Secure 2.0
If you are a merchant using Authorize.net as your gateway, you will need to move to a new processor to avoid unnecessary transaction declines or fee downgrades starting in October 2022.
3D (three-domain) Secure is a security protocol that adds a layer of authentication to the checkout process and verifies cardholders’ identity prior to authorization. The first iteration of 3DS —3DS 1.0 — was created in 1999 when desktops were the only online shopping channel available. Card networks implemented 3DS 1.0 in 2001 under the branded names Verified by Visa or Mastercard Identity Check.
3DS 1.0 was designed only for web-browser authentication and did not support the mobile environment. In 2019, to address the new digital channels, such as gaming, mobile, and automobile apps, and to comply with the evolving regulatory landscape, EMVCo released a new version of 3DS: 3D Secure 2.0
3DS Secure 2.0 supports both browsers and mobile apps. Mobile channels account for 74% of online sales, which makes 3D Secure 2 a vital component of today’s digital payment networks. The system authenticates with a one-time passcode sent to a mobile number or through biometrics, reducing fraud and augmenting the user experience.
Merchants who do not discontinue using 3DS version 1 before October 2022, or who do not find a new gateway processor, may experience unnecessary transaction declines or fee downgrades.
If you are a merchant affected by these changes and want to continue using 3DS Secure 2, contact Cartis Payments to find out how to seamlessly switch to a new payment gateway processor with 3DS 2.0 protection.