Looking at payment network capabilities: 3DS

Knowledge sharing

September 18, 2025

Looking at payment network products/capabilities: 3-Domain Secure (3DS)

3-D Secure (3DS) is a global messaging protocol developed by EMVCo that enables issuers to authenticate cardholders during online, card-not-present (CNP) transactions. It helps prevent fraud and ensures regulatory compliance (e.g., PSD2 SCA) while preserving a frictionless user experience.

The 3-D refers to the three domains involved in the transaction:

· Acquirer domain (merchant + acquirer)
· Issuer domain (cardholder + issuing bank)
· Interoperability domain (the payment network)

Modern 3DS comes in two main versions, of which 3DS1 has now been retired globally. 3DS2 is supported by all major networks and is designed for both browser and in-app flows. It enables frictionless authentication via risk-based decisions using over 100 data points (e.g., device info, IP, transaction history). It also supports biometrics, OTP, and out-of-band authentication.

Key capabilities of 3DS2:

➡️ Frictionless flow: no challenge is presented if the issuer approves the transaction based on transaction data (e.g., low-risk customer). The cardholder therefore does not need to be authenticated through an additional step.
➡️ Challenge flow: the issuer requests cardholder authentication by OTP, biometric, or app-based auth if risk is higher.
➡️ Decoupled auth: used in in-app flows where authentication occurs outside the payment session.
➡️ 3DS Requestor Initiated (3RI): allows merchants to generate authentication data for payments without the customer being present, typically for recurring (subscription) or delayed payments.
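The flows listed above, as an added example that is not part of the original article: a merchant-side check that decides whether a 3DS2 result may be treated as authenticated. The field names (`messageType`, `transStatus`, `threeDSServerTransID`, `authenticationValue`) and status codes follow EMV 3DS message naming as an assumption, and all sample values are constructed.

```python
# Added example, not from the article. Field names and status codes follow
# EMV 3DS message naming (an assumption here); sample values are constructed.

PROOF_STATUSES = {"Y", "A"}  # authenticated / attempt processed with proof
CARDHOLDER_STEP = {"C": "challenge", "D": "decoupled"}


def sample(msg_type, status, trans_id="tx-1", auth_value=None):
    """Build a constructed message carrying only the fields checked below."""
    msg = {"messageType": msg_type, "transStatus": status,
           "threeDSServerTransID": trans_id}
    if auth_value:
        msg["authenticationValue"] = auth_value
    return msg


def classify_ares(ares):
    """Map the issuer's first answer (ARes) to one of the flows."""
    if ares.get("messageType") != "ARes":
        raise ValueError("expected an ARes message")
    status = ares.get("transStatus")
    if status in PROOF_STATUSES:
        # A positive status without the authentication value is not usable
        # as proof of authentication, so fail closed.
        return "frictionless" if ares.get("authenticationValue") else "reject"
    return CARDHOLDER_STEP.get(status, "not_authenticated")


def final_outcome(ares, rreq=None):
    """Combine the ARes with the later result message (RReq), if any."""
    flow = classify_ares(ares)
    if flow not in CARDHOLDER_STEP.values():
        return flow
    if rreq is None:
        return "pending"  # challenge or decoupled step not finished yet
    if rreq.get("messageType") != "RReq":
        raise ValueError("expected an RReq message")
    # The result must belong to the same transaction as the ARes.
    if rreq.get("threeDSServerTransID") != ares.get("threeDSServerTransID"):
        return "reject"
    if rreq.get("transStatus") in PROOF_STATUSES and rreq.get("authenticationValue"):
        return flow + "_authenticated"
    return "not_authenticated"
```

Anything other than `frictionless`, `challenge_authenticated` or `decoupled_authenticated` should not be sent to authorization as an authenticated payment.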

Different networks have specific 3DS implementations

American Express – SafeKey
SafeKey is Amex's 3DS product (versions 1 and 2) and supports browser, app, and 3RI flows. It offers dynamic linking of challenge responses to transaction risk.
Discover – ProtectBuy
Discover’s EMV 3DS solution is called ProtectBuy, and enables both frictionless and challenge flows.
JCB – J/Secure
JCB’s implementation of 3DS is called J/Secure, and supports EMV 3DS versions, including 2.x.
Mastercard – Identity Check
Mastercard’s 3DS 2.x program, formerly "SecureCode", supports biometrics and app-based challenges.
Visa – Secure
Visa's EMV 3DS program (formerly "Verified by Visa") supports both browser and in-app flows.

All networks support frictionless flows, challenge flows, and regulatory alignment (e.g., PSD2 SCA). Even though the terminology differs slightly, the core technical specs are based on EMVCo standards.
