From 3-D Secure 1.0 to 2.0: What Really Changes

  • Expertises
  • 2 min read



3-D Secure 2.0 introduces a new authentication workflow, known as “frictionless”. Frictionless flow happens when cardholder is not explicitly asked to authenticate himself/herself in-app or via browser.


In this workflow, following steps occur:

1. Payment Authentication is initialized
2. Authentication Request/Response
3. Communication of results
4. Authorization messages

Customer authentication is finalized without additional intervention from the cardholder.


On the other hand, when a Strong Customer Authentication (SCA) is required by the Acquiring PSP or the Issuer, the authentication flow is referred as “challenge”. Challenge flow steps may be compared with prior 3-D Secure 1.0 experience.

In this workflow, the same initial steps as Frictionless flow occur, then:

4. If a strong authentication is required: Challenge is requested either by Acquiring PSP and/or Issuer
5. Request results are shared between Acquiring PSP and Issuer
6. Results are forwarded to the Merchant
7. Authorization messages


With implementation of EMVCo. 3DS 2.0 or 3DS2, new rules for liability shift allocation are set in Europe.


Dalenys, as Acquiring PSP and subsidiary of the Natixis Payments, has a unique ability to act on the market thanks to a 360 ° vision of data sourced via:

  • An access to the result of TRA (Transaction Risk Analysis) based on its internal antifraud rule engine solution
  • An access to merchant data based on data forwarded by merchant
  • An access to the device’s data collected from browser or SDK (inapp interaction);
  • Mastering the modeling of the Issuer-Acquirer data based on the proximity between Dalenys and BPCE group

The more data are collected, analyzed and forwarded by the merchant and Dalenys, the more likely the frictionless mode is to be granted by the Issuer (i.e. cardholder’s bank).



This article is part of a series of articles on 3-D Secure 2.0:



Subscribe to our newsletter