Skip to content

What is 3DS2? How to stay compliant and keep ahead

What is 3DS2?


3D Secure 2 (3DS2) is a regulatory measure due to be implemented in March 2022, affecting how goods and services are purchased online. Merchants need not only to be aware of the upcoming changes, but many will need to implement changes to their payment processes in order to remain compliant.

Failing to prepare effectively means, at best, abandoned carts and a decline in sales, and at worst, fines and disciplinary action from the Financial Conduct Authority (FCA). With revenue on the line, no business can afford to ignore 3DS2 and the ramifications of being non-compliant.

We say that payment technology is king when it comes to enabling an effective sales process, and the introduction of 3DS2 is no exception. By implementing the right payment technology within your business, keeping up with regulatory legislation is easy, enabling you to get back to what you do best – fulfilling customer purchases.

Read our guide to 3DS2, and find out how payment orchestration technology can help you stay compliant below.

Guide to 3DS2

  • What is 3DS2
  • What does 3DS2 require?
  • Why is 3DS2 being implemented?
  • When will 3DS2 be a requirement?
  • What does 3DS2 mean for my business and my customers?
  • How can I make sure my payment technology is 3DS2 compliant?
  • What else can payment orchestration do for my business?
  • What’s next?

What is 3DS2?

3DS2 is an anti-fraud measure that requires a multi-factor authentication protocol to confirm a customer’s digital identity during checkout. It adds an extra layer of identity confirmation before a user pays so that transactions meet the ‘Strong Customer Authentication (SCA) rules. This initiative is part of the Payment Service Directive (PSD2) and is enforced by the Financial Conduct Authority.

What does 3DS2 require?

Put simply, in addition to the primary account number (i.e. their bank card), customers will soon be required to provide one of the following:

  • something they have
  • something they know
  • something they are

This could mean biometric data such as a thumbprint or one-time passcode (OTP) sent via text messenger, a push notification sent to a device to approve the purchase or a password known by the user.

What if customers use payment wallets such as Apple pay or Google Pay?

Transactions made through payment wallets on someone’s device meet the requirements for 2-factor authentication, which means implementing this technology on your website will reduce friction at the payment point.

Why is 3DS2 being implemented?

These measures, which have long been implemented for secure log in to sites such as online banking or social networks, aim to prevent digital fraud at the point of purchase. By requiring additional information associated with a physical device or the user, 3DS2 will help merchants to identify fraudulent purchases and enable genuine commerce to go ahead,

When will 3DS2 be a requirement?

Although two-factor authentication is not a new concept to many of us who complete regular online transactions, particularly from the EEA and further afield, it will become a mandatory requirement for merchants taking payments from the UK from 14 September 2021. Merchants who accept payments from the EEA should already be compliant, as the European regulations came into force on the 31st December 2020.

There are payment providers who are not 3DS2 compliant and risk making businesses who don’t change provider non-compliant. With less than three months to go, many companies still have no 3DS2 plans in place, or indeed whether their current provider is compliant or not, meaning an inevitable rush in switching providers, which could slow business processes and sales.

What does 3DS2 mean for my business and my customers?

The expectation for a payment service provider (PSP) or indeed any business to continually react to regulatory and compliance payment flow disruptors is a huge task, one that requires both industry expertise, time and investment. Yet, one which, if left unattended, could be catastrophic for 100% of their payments.

A failure to comply with this newest requirement will mean that customers cannot complete the sale and will likely abandon their basket in search of another supplier with a smoother sales process. That’s great news for your competitors as customers will flock towards safe and secure payment processes, not to mention an easy and uninterrupted sales journey. That means a knock-on effect for your business’s sales trajectory, which continuous payment disruptions will directly impact.

How can I make sure my payment technology is 3DS2 compliant?

With payment technology being notoriously tricky to implement, the introduction of new payment technology is not often the first choice for any business.

However, payment orchestration technology means that numerous payment providers can be integrated into a single interface, allowing a slicker experience for both merchants and customers. This means no more stressing about moving between payment providers or updating technology every time a regulatory measure comes into place (and let’s be honest, it’s going to happen again). Instead, BR-DGE’s payment orchestration technology will automatically ensure your business connects to the most suitable and 100% compliant technology.

How can I future proof my business for future regulatory and compliance measures, such as 3DS2?

By choosing BR-DGE payment orchestration, you can ensure your business is future-proofed against the time-heavy responsibility of switching providers, again and again, every time a new regulatory measure comes into place. Instead, the automated process ensures the most secure and low-risk option is always available for your customer. With ongoing compliance and regulatory updates, payment orchestration means your business needn’t go through endless checks with every new piece of legislation.

What else can payment orchestration do for my business?

By integrating with multiple payment providers, BR-DGE reduces the chance of failed sales transactions by rerouting customers to another functional service all under the guise of a single interface; in other words, customers will never know there was a problem in the first place! It looks the same, does the same and is easy and fast to use.

What’s next?

Let us remove the hassle of keeping up with payment compliance and ensure you’ve always got the latest payment technology on your website whilst you get back to doing what you do best – running your business.

Read our guide to payment orchestration or get in touch.

Related content