3D Secure Backward Compatibility

3DSecure 2.0 continues to build on 1.0.2 but the changes are significant and while the two protocols will run in parallel, they are not compatible. 3DSecure MPI providers will be responsible for sending the right version of messages to an Issuer depending on the capabilities of that issuer.

Enrolment and OTP

Many of the changes expected for 2.0 have actually already been mandated for 1.0.2. The elimination of static passwords is one such example. Use of OTP delivered in any number of ways is now mandatory and will continue to be so for 2.0.

Enrolment during shopping has now been explicitly prohibited; this was the source of a number of botched launches of 3DS by banks in particular in North America.

Enrolling cardholders for 3DSecure is a one-time process and very different from making regular 3DS payments; this has not prevented many interested parties from blowing these problems out of proportion and misquoting the issues with enrolment at every opportunity.

The main challenge with enrolment was establishing the secret between the issuer and the cardholder. Setting up a static password made creating this secret particularly challenging. Mandating use of OTP not only set the stage for easier authentication but created a mechanism for seamless enrolment which has successfully used around the world for 1.0.2.

Every effort is being made to learn from past mistakes: SMS, Internet Banking and Banking Apps will all play a role in the smooth future enrolment of card holders to the next generation 3DS.