Mastercard will mandate EMV 3DS v2.2 in European Region

MasterCard sets the road map for V2.2 aiming to improve frictionless authentication, improve user experience for out-of-band, improve UX and performance and introduce Message enhancement for Acquirer Exemptions amongst other objectives.

Effective 14 October 2022 Issuers and Acquirers will be required to support the EMV 3DS v2.2 standard, including adoption (implementation and usage) of specific features.

This announcement  is covered in announcement or reference ‘AN 5762 Revised Standards for Europe Region EMV 3DS 2.2 Roadmap for Remote Electonic Transactions’

EMV 3DS 2.2 brings a number of key benefits over the EMV 3DS 2.1 and older industry standards:

• Streamlines authentication through promotion of frictionless authentication by offering message enhancements for fewer step-up authentications
• Improves user experience for out-of-band (OOB) transactions by requiring issuers and acquirers (for their merchants) to support merchant app re-direction, eliminating the need for additional cardholder interaction to complete the challenge process
• Enables issuers to fully meet the requirements of the Payment Service Directive 2 (PSD2) Strong Customer Authentication (SCA) Regulatory Technical Standards (RTS) by offering fully compliant authentication methods
• Enables a fully functional trusted merchant listing (TML) for merchants and issuers, thus creating a user-friendly and frictionless experience for cardholders
• Enables 3DS requestor challenge indicators for acquirer exemptions identification, thus helping merchants influence decisioning
• Enables 3DS requestor-initiated (3RI) payment authentication flow

In addition to the EMV 3DS 2.2 standard and some EMV 3DS 2.2 announced features, issuers and acquirers must also adopt features that are intended to improve authentication performance:

• Authentication app re-direction, eliminating the need for additional cardholder interaction to complete the OOB app transactions (3DS Requestor App URL)
• Additional insights on the challenge flow performance to facilitate monitoring and problem resolution Features for mandate

Quick Overview of new features

Process Flow for Trusted Merchant Listing

• Customer places an €100 order, Merchant wants to be added to trusted beneficiary list and sends TML request to Issuer in the same Authentication Request
• Authentication for 100€ is conducted. Cardholder is prompted to include merchant to TML. Cardholder is stepped-up
• Authorisation and Clearing of €100

Next time at Merchant’s discretion

• Trusted beneficiary exemption used in future transactions of the same cardholder at this merchant
• Authorisation and Clearing of future transactions

Process Flow for Partial/Split Shipment

The liability remains with Issuer.

• Customer places an online order for €100 with multiple items
• Customer is in session, Customer is authenticated for full amount €100
• Part 1
• Authorization for partial amount, Transaction worth €50 is sent to authorization
• Clearing of 50€ is sent, Clearing is delayed until the time of delivery of product
• Part 2
• Customer is off session (3RI is invoked), Customer is authenticated for remaining order amount of €50
• Authorization for remaining amount, Transaction worth €50is sent to authorization
• Clearing of 50€ is sent, Clearing is delayed until the time of delivery of product

Improved UX and seamless authentication flow leads to reduced cart abandonment for Mobile payments

• Cardholder is purchasing items within merchant app
• The issuer ACS decides to challenge the cardholder. The need to manually open the Issuer authentication app has been resolved with Mastercard’s Roadmap
• By clicking “Confirm”, the authentication app will trigger the fingerprint recognition process
• The Operating System will prompt the cardholder to use their fingerprint to authorise the payment
• When fingerprint is recognised, the issuer app will display a payment confirmation message
• The need to manually return to the merchant app has been resolved with Mastercard’s Roadmap
• The SDK validates the response with the ACS and the ACS communicates the result of the authentication

What about Version 2.1 ?

Version 2.1 will continue to be fully supported until such a time that its decommissioning period arrives; this is not expected for at least 2 another two years.