Relieve the Pain and Win the Gain of 3D-Secure 2.2 Upgrade!
Dubravko Kovačić
Product Manager, Asseco SEE
Zdravko Barec
Solution Sales Specialist, Payten
Important information before we begin
• All attendees will be on mute during the webinar to avoid background noises.
• You can type your questions into the Q&A box and we’ll address them during the Q&A session at the end.
• Webinar will be recorded and you can expect the recording next week.
Agenda
3D secure basics.
User experience improvements.
New features.
E-Commerce trends
Source: eMarketer, Jan 2020
Benefits of using 3D secure
3D secure brings benefits for all parties involved in eCommerce with payment cards:
• Cardholders: 3D secure gives them peace of mind and increased confidence while using their payment cards
• Acquirers: easier chargeback process with 3D secure due to liability shift
• Merchants: the liability shift granted while using 3D secure mitigates merchants' risk
• Issuers: 3D secure brings decreased online fraud and a low number of disputed transactions
Challenges of 3D secure
3D secure also brings challenges in eCommerce with payment cards:
• 3D secure requires additional steps by the cardholder to perform eCommerce transactions, which takes additional time and effort.
• 3D secure can be a showstopper for eCommerce transactions if the cardholder cannot authenticate (lost his token or mobile phone, forgot static password, etc.); the cardholder might abandon shopping and use another way to pay.
3D Secure roadmap
3D secure is an interoperable three-domain solution for enabling cardholder authentication when paying online.
• 1999, 3DS 1.0.2: introduced by VISA to prevent eCommerce fraud
• 2016, EMV 3DS 2.1: defined by EMVCo to align with EU PSD2 regulation
• 2018, EMV 3DS 2.2: designed to offer the best possible user experience with minimal friction
3D Secure fulfills PSD2 demands
• PSD2 requires Strong Customer Authentication (SCA) on all electronic channels (proximity, mobile and web payment) within the European Economic Area (EEA), with acceptable exemptions.
• SCA is recommended to be applied even outside of the EEA.
[Diagram: card schemes' 3DS programs, EMVCo 3DS, PSD2 (e-commerce channels)]
Card networks 3D secure v2.x rules (Europe)
Majority of card networks adopted 3D secure v2.x
From 1st of September 2019*
• Mandate EMV 3DS 2.0 and Identity Check Program or alternative technical SCA solutions for all issuers; all BIN ranges must be enrolled
• Mandate EMV 3DS 2.0 and Identity Check Program or alternative technical SCA solutions for all acquirers and their online merchants
*AN 1533—Revised Safety and Security Standards Roadmap for Select Countries in Central and Eastern Europe, generated on 14 November 2018
From 14th of March 2020
• Visa EMV 3DS 2.1 mandate for Issuers
From H2 / 2020
• Visa EMV 3DS 2.2 mandate for Issuers (14th of September)
• Visa EMV 3DS 2.2 mandate for Acquirers (16th of October)
Buyers prefer UX over security?
Baymard Institute’s research from 2019 shows that two thirds of purchases are abandoned, with 23% of people citing complicated checkouts as the reason.
UX tools in 3D Secure v2.0/2.1
• Mobile app based purchase and payment
• Transaction risk analysis
• Advanced authentication
New UX tools in 3D Secure 2.2
The new upgrade is focused on minimizing buyer actions and reducing authentications!
Card scheme targets 80% frictionless transactions
• Merchant white listing
• Merchant exemption
• Decoupled authentication
• Card scheme risk scoring
• MIT exclusion
Strong Customer Authentication
• SMS OTP
• Dynamic linking
• Push
• QR code
• Biometry
• Out of band
• Decoupled
Exemptions
• Low value transactions
• Transaction Risk Analysis
• Secure Corporate Payment
• Merchant White List
• Recurring transactions
• Merchant exemption
Merchant White List
The buyer can add a merchant to their own white list and skip SCA at the next purchases
• Faster and more convenient payments
• Better user experience
The second Payment Services Directive (PSD2) in the European Economic Area (EEA) countries and the related Regulatory Technical Standards (RTS) allow payers (cardholders) to ‘white list’ trusted beneficiaries to exempt them from Strong Customer Authentication (SCA). This white listing of merchants is also allowed for card payments.
Merchant White List roles
Issuer
• Creates the list of eligible merchants for the Merchant white list which will be offered to the buyer
• Requests SCA for adding a Merchant to the white list
• Monitors transactions at the white listed merchants for SCA step-in in case higher risk is indicated (different device, different delivery address, etc.)
• Keeps an eye on the Merchant fraud rate
Buyer
• During a transaction, confirms putting the Merchant on the white list to avoid SCA at the following transactions
• Can add or remove a Merchant to/from the white list via m-banking or other banking channels
• Proceeds with SCA when adding a merchant to the white list
Merchant
• Communicates the benefits of White Listing to its end-clients
• Always initiates payment with 3DS authentication
Adding Merchant to the list during payment transaction
[Screenshots: same authentication screen; additional screens]
Available MWL options
• One authentication for MWL and purchase, or separate authentications for MWL and purchase
• ACS API interface for managing and deleting merchants from the white list via mbanking or web banking channels
New feature in 3DS 2.2
Merchants requesting MWL
• EMV 3DS 2.2 allows merchants to request white listing as part of the authentication transaction
• After white listing, merchants can optionally use the white list exemption in subsequent EMV 3DS 2.2 authentication requests
• A merchant can check their white listing status using EMV 3DS 2.2 3RI (3DS Requestor Initiated) messages
White listing eligible candidates
• Batch file input: the issuer makes an independent analysis (for instance in authorisation or back office) and imports a batch with eligible merchants
• Automatic ACS collection based on data in 3DS authentication requests
  • 3DSRequestorAuthenticationData with values
    • 02/authentication using merchant credential
    • 03/authentication using federated ID
    • 05/authentication using 3rd party authentication
    • 06/authentication using FIDO authenticator
  • ShipIndicator with value 02/ship to verified address on file
  • CardholderAccountAgeIndicator with values
    • 03/Less than 30 days
    • 04/30−60 days
    • 05/More than 60 days
• Automatic ACS collection based on MC extension data: Merchant fraud rate
• Merchant white list exemption request
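The automatic collection from authentication request data, sketched as an added example (not code from the presentation or from Asseco's ACS): it scans constructed AReq records for the indicator values listed above and proposes merchants as white-list candidates. The JSON field names follow the EMV 3DS data elements (threeDSReqAuthMethod, shipIndicator, chAccAgeInd, acquirerMerchantID); requiring all three signals together and the MIN_QUALIFYING threshold are assumptions, since the slide does not say how the criteria combine.

```python
from collections import Counter

# Indicator values listed on the slide for each data element.
STRONG_REQUESTOR_AUTH = {"02", "03", "05", "06"}  # merchant credential, federated ID, 3rd party, FIDO
VERIFIED_SHIP = {"02"}                            # ship to verified address on file
LISTED_ACCOUNT_AGE = {"03", "04", "05"}           # <30 days, 30-60 days, >60 days

MIN_QUALIFYING = 2  # assumption: qualifying requests needed before a merchant is proposed


def qualifies(areq: dict) -> bool:
    """True when one AReq carries all three signals (AND-combination is an assumption)."""
    auth = areq.get("threeDSRequestorAuthenticationInfo", {}).get("threeDSReqAuthMethod")
    ship = areq.get("merchantRiskIndicator", {}).get("shipIndicator")
    age = areq.get("acctInfo", {}).get("chAccAgeInd")
    return (auth in STRONG_REQUESTOR_AUTH
            and ship in VERIFIED_SHIP
            and age in LISTED_ACCOUNT_AGE)


def whitelist_candidates(areqs, min_qualifying=MIN_QUALIFYING):
    """Merchants with at least min_qualifying qualifying requests, sorted by ID."""
    hits = Counter(a["acquirerMerchantID"] for a in areqs if qualifies(a))
    return sorted(m for m, n in hits.items() if n >= min_qualifying)


def _areq(merchant, auth, ship, age):
    """Build a minimal constructed AReq holding only the fields examined here."""
    return {
        "acquirerMerchantID": merchant,
        "threeDSRequestorAuthenticationInfo": {"threeDSReqAuthMethod": auth},
        "merchantRiskIndicator": {"shipIndicator": ship},
        "acctInfo": {"chAccAgeInd": age},
    }


# Constructed sample traffic (not real transactions).
SAMPLE_AREQS = [
    _areq("MERCHANT-A", "02", "02", "05"),
    _areq("MERCHANT-A", "06", "02", "04"),
    _areq("MERCHANT-B", "01", "02", "05"),  # auth method not in the listed set
    _areq("MERCHANT-B", "02", "01", "05"),  # not shipped to a verified address on file
    _areq("MERCHANT-C", "03", "02", "03"),  # qualifies, but only once
    {"acquirerMerchantID": "MERCHANT-C"},   # optional elements absent: never qualifies
]

if __name__ == "__main__":
    print(whitelist_candidates(SAMPLE_AREQS))
```

Requests that omit the optional elements are treated as non-qualifying rather than as errors, so missing data can never widen the candidate list.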
MasterCard Smart authentication
In the MC 2.1+ message extension, Mastercard provides additional risk assessment that the ACS can consider in risk scoring for SCA exception
[Diagram: ACS risk scoring only; MC risk scoring only; higher risk; lower risk]
• Banks will be more confident to enable frictionless flow for transactions that MC indicates as low risk
• Bank can configure how to take MC risk scoring into account together with ACS risk assessment
• Supported only for MC
Decoupled authentication
Enables authentication for Merchant Initiated Transactions (MIT) or 3DS Requestor Initiated Transactions (3RI) and MOTO transactions.
Up to 3DS v2.2 such transactions were necessarily excepted from SCA or used for non-payment transactions.
• Authentication is separated from payment transaction
• Authentication is initiated when cardholder is offline
• Configurable maximum waiting time for authentication (up to a few days)
Out of Band authentication process (push)
1. Buyer initiates purchase transaction
2. Merchant (3DSS) sends authentication request
3. ACS requires SCA
4. Buyer receives push message
5. Buyer authenticates transaction using mobile token
6. Merchant (3DSS) receives authentication response and proceeds with authorization
Decoupled authentication process
1. Merchant initiates purchase transaction
2. Merchant (3DSS) sends authentication request
3. ACS requires SCA
4. Buyer gets auth request on his mobile banking account
5. Buyer logs into mbanking
6. Buyer opens authentications in queue and approves one or more
7. Merchant (3DSS) receives authentication response and proceeds with authorization
Our 3D Secure portfolio
• ACS server
• 3DS Server
• Mobile SDK
• Risk scoring engine
• Authentication
Asseco SEE TriDES2 is a complete solution for issuing and acquiring institutions that want to reduce the risk of fraudulent online payment transactions with Strong Customer Authentication.
Thank you!
→ Dubravko.Kovacic@asseco-see.hr
→ Zdravko.Barec@payten.com
Legal disclaimer
The content presented in this presentation is subject to copyright protection and has the ownership title. Texts,
graphics, photographs, sound, animations and videos as well as their distribution in the presentation are protected
under the Copyright and related rights Law. Unauthorized use of any material contained in the presentation herein
may constitute an infringement of copyright, trademark or other laws. The materials in this presentation may not be
modified, copied, publicly presented, executed, distributed or used for any other public or commercial purposes,
unless the Board of Asseco South Eastern Europe S.A. gives consent in writing. Copying for any purpose, including
commercial use, distribution, modification or acquisition of the contents of this presentation by third parties is
prohibited. Moreover, this presentation may contain reference to third-party offers and services. Terms of use for
such offers and services are defined by these entities.
Asseco South Eastern Europe S.A. assumes no responsibility for the conditions, contents and effects of the use of
offers and services of these entities. The data and information contained in this presentation are for information
purposes only. Presentation was prepared with the use of Inscale company products.
The name and logo of Asseco South Eastern Europe S.A. are registered trademarks. Use of these marks requires prior
express agreement of Asseco South Eastern Europe S.A.
2018 © Asseco South Eastern Europe S.A.
