17/02/2022

Understanding the 3DS code

The digitization of banking services has inevitably led to increased online security to protect consumers.

Summary

Unfortunately, payment fraud is not uncommon. That's why the Financial Conduct Authority (FCA) has taken matters into its own hands to ensure the safety of online consumers while reducing the liability of businesses when an authorized transaction is processed.

Due to ongoing security concerns, the Payment Services Directive (PSD) and the Strong Customer Authentication (SCA) system were introduced, making 3D payments more secure. These regulatory measures will affect all businesses operating online.

Acronyms

There is a lot of jargon and acronyms used to describe regulatory actions in the payments industry. These various acronyms can be quite opaque. That's why we've created a short glossary to help make sense of them and clarify their meaning.

  • PSD2: This is the Payment Services Directive. It is legislation that requires payment service providers (PSPs) to strengthen their security by improving customer authentication. This is a security requirement that protects consumers and reduces the risk of fraud.
  • 2FA: This is two-factor authentication. It is a process whereby a person making an online payment must provide two authentication factors to prove their identity. For example, you may be redirected to your online banking application to provide a PIN to verify your identity.
  • 3DS: This is the abbreviation for 3D secure. 3D secure is an online payment service available for Visa and MasterCard. This measure was implemented to prevent fraud in 2001. It has become an essential security factor when making online payments. 3D secure requires the buyer to verify their identity by entering a password or sending a one-time authentication code to their cell phone.
  • SCA: This is strong customer authentication. This is a requirement of PSD2 that we mentioned earlier. It requires businesses to require two different authentication factors to prove a consumer's identity (2FA). This affects both online and offline services and protects consumers from fraud. It will become a legal requirement for all online transactions by March 2022.

What is strong authentication?

Strong customer authentication not only enhances the security of the consumer, but also that of your business. It adds an extra layer of protection, increases consumer confidence, reduces chargebacks, and allows for better risk management of online payments.

Why do my payments fail?

In accordance with the regulations that will be fully effective in March 2022, card providers such as MasterCard, American Express and Visa have begun implementing strong customer authentication. As a result, online transactions are being checked more frequently for 3DS compliance.

This requirement can mean that your payments fail because your customers are not using 3DS cards to make a payment. If your customer does not follow the identification process correctly (e.g., a text message from their bank to verify their identity), the payment will fail. Unfortunately, you have no control over this situation, which depends on the card provider and the consumer.

Why do some payments get through?

You may notice that some transactions pass and others do not. This is because all transactions must now pass the 3DS test, even if the consumer does not have a 3DS card. This means that if they have to provide two-factor authentication, it will fail. As with contactless payments, transactions are randomly selected to complete the 3DS process. Alternatively, a consumer may have a 3DS card but not know how to complete the authentication process, resulting in a failed payment. If the customer uses a 3DS card, but the payment still fails, it could be due to several reasons:

  • The one-time PIN code sent by the bank was entered incorrectly.
  • The customer did not receive a PIN code or authorization message from their bank to approve the transaction, or they entered an old/expired PIN code.
  • The PIN code or authorization message sent by the bank was not entered or approved within the required time frame.

In a nutshell

The 3DS code complies with the legislation on online transactions: the PSD2. This legislation aims to protect consumers and businesses from fraud. Thus, the 3DS is a two-factor authentication process that your customer must undergo to validate his transaction.

While this process is designed to protect your customers, not all of them have 3DS-protected credit cards. This means that some will not be able to validate their transaction. Others simply do not know how to validate their transaction with the 3DS. This is why you can see many failed transactions. Moreover, this process is not applied systematically and transactions are selected randomly.

Swikly is of course up to date on the DSP2 and systematically asks for a 3DS code when securing a deposit. This way, you are protected against fraud and stolen cards. This is also the reason why some security deposits can fail.

Soon, PSD2 will come into full effect and card providers will have to be up to date to handle the 3DS process. Thus, you should see a decrease in failed transactions.

Have we piqued your curiosity?

Discover Swikly, the #1 online bonding solution for rental professionals!

Legal information

Editorial references

The swikly.com website is published by SWIKLY, a simplified joint stock company with a capital of 10,000 euros.
SWIKLY is registered in the Lyon Trade and Companies Register under number RCS 819 514 076
The head office is located in Lyon (France), 92 Cours Lafayette 69003 - Telephone: +33 4 20 88 00 48 - email: contact@swikly.com
Director of publication: Mr. Shaun WOURM, President of SWIKLY - shaun.wourm@swikly.com.
The hosting of the Site has been entrusted to Microsoft Ireland Operations Limited (Microsoft AZURE offer), whose registered office is located at DUBLIN 18 99000 BLACKTHORN ROAD, Ireland, registered in the Trade and Companies Register of "Foreign company n/immat.RCS" under the number 419 423 728, reachable by phone at +353 1850 940 940.
SWIKLY - April 2016 - All rights reserved

Personal data

The creation of a personal account and the use of the site imply the collection of personal data and the processing of data.
The purpose of this processing is the management of the Swikly smarphone Application, of the Website Services and the activity of the SWIKLY company. This processing of personal data is the subject of a declaration to the CNIL by the Company under the number 1948037.
The following personal data of the user is accessible to any other registered user:
-first name and first letter of a user's name.
The following personal data of the user is accessible to any user who has accepted a Swik of the said user concerned:
-first name, last name and reputation of the user.
Personal data is transferred by the Company to its service providers and subcontractors, in accordance with the aforementioned declaration made to the CNIL. All access to the user's personal data by these subcontractors and service providers is subject to the use of a login and password, with the data also being transmitted via an encrypted link.
No personal data is collected for purposes other than those mentioned above, nor is it passed on to third parties without your consent or used without your knowledge.
In accordance with the law n°78-17 of January 6, 1978 modified, relating to Data processing, the Files and Freedoms, you have a right of access, of modification and suppression of the personal data concerning you (art.34 of the law).
These rights can be exercised with the Data Controller:
Service CNIL, Société SWIKLY - 12 rue de la Barre 69002 LYON, France - contact@swikly.com.
You will find all the information concerning your rights, duties and the protection of personal data on the website of the Commission Nationale de l'Informatique et des Libertés: http://www.cnil.fr
When you visit the Site, a cookie is placed on your computer. The Company uses cookies to enable and facilitate electronic communication, to provide features tailored to the needs of Users. The cookie is used to identify the user at each of his connections, and thus facilitates his access to the Service. The user can refuse cookies when accessing the smarphone Application or by changing the configuration of his browser. This may however alter the functionality of the smarphone Application, which the User accepts.

Contacts

To report any errors or anomalies on the site:
Webmaster: contact@swikly.com

Cookie policy

What is a cookie?

A cookie is a small text file and covers all types of tracers "deposited and read, for example, when a website is consulted, when an e-mail is read, or when software or a mobile application is installed or used, regardless of the type of terminal used". 

It may be placed by the server of the site visited or by a third-party server (advertising agency, web analytics service, etc.). Cookies do not compromise site security.

Cookies deposited by Swikly

When you connect to our Site, we may install various cookies on your terminal. The cookies we issue allow us to :

- Maintain the proper functioning of the Site

- Memorize the selected language version of the Site

- To record and adapt the functionalities of the Site according to your browsing preferences (identification, adapting to the types of devices used)

- manage the acceptance and retention period of cookies

In accordance with regulations, cookies have a maximum lifetime of 13 months.

Cookies issued by third parties

- Analytics cookies:

They enable us to track the number of visitors to our site and your browsing habits (Google Analytics cookies), and to generate statistical data on site usage. This enables us to improve the Site's performance.

 

- Cookies placed by our advertising partners : 

These cookies enable us to identify your centers of interest, and thus offer you relevant advertising content when you browse other sites. 

If you do not authorize these cookies, you will be subject to less targeted advertising.

 

- Social network cookies :

While browsing our Site, you may click on the "social networks" buttons to view our Facebook and Youtube profiles. These third-party applications may use cookies to offer you targeted advertising. By clicking on the social network icon, the latter may identify you. If you are connected to the social network while browsing our Site, the sharing buttons allow you to link the content you consult to your user account.

 

We cannot control the process used by social networks to collect information relating to your browsing on our Site. We therefore invite you to consult their personal data protection policies to find out how they are used and what browsing information they may collect.

 

- Cookies set by Hotjar

 

We use Hotjar to better understand our users' needs and optimize the www.swikly.com website.. Hotjar is a technological service that helps us to better understand our users' experience (for example, time spent on a page, links clicked, and more generally browsing habits, etc.). This enables us to improve our service. The data collected by Hotjar through cookies relates to the behavior of users and their devices (in particular the device's IP address captured and stored only in anonymous form), device screen size, device type (unique identifiers), browser information, geographical location (country only), preferred language used to display the website). Hotjar stores this information in a pseudonymous user profile. Neither Hotjar nor Swikly will ever use this information to identify individual users or associate it with other data. For more details, please consult Hotjar's privacy policy

Cookie management

When you visit our site for the first time, a cookie banner will appear, asking you to consent to or refuse the use of cookies.

Your rights

In accordance with the French Data Protection Act of January 6, 1978, as amended, and the RGPD, you have the right to access, rectify, oppose, delete and limit information from cookies and other tracers. To do so, please contact contact@swikly.com.

Free guide:

The 2023 vacation rental PMS