Passwordless authentication use case: Secure Payment Authentication

LoginID
2 min read, Feb 19, 2021

Passwordless authentication providers, such as LoginID, use the 3DS2 protocol to enable merchants to use the most secure authentication system on the market while maximizing convenience and conversion. In addition, because 3DS2 meets the necessary regulatory requirements, it allows merchants to shift liability for chargebacks from your business to the customer’s bank.

3DS2 — compliance without compromising conversion

Three-Domain Secure 2.0 (3DS2) is a protocol developed to enable Strong Customer Authentication (SCA) while minimizing friction for the user and the merchant. SCA is a requirement, established by the EU’s Revised Payment Services Directive (PSD2), that users be authenticated using a mix of at least two elements drawn from possession (something you own), inherence (something you are), and knowledge (something you know).

The original 3DS was introduced to combat online fraud by incorporating an additional step into the transaction flow, directing customers to another page where their bank requests a code or password before approving the transaction. This additional step creates friction and often relies on passwords, which are easily forgotten. As a result, conversion is negatively impacted by 3DS.

3DS2 has been developed to address this by enabling a frictionless payment flow that authenticates without additional input from the cardholder. This is possible because 3DS2 allows additional pieces of data to be shared with the user’s bank, enabling it to assess the risk level and respond accordingly — only transactions that are considered potentially risky are subjected to a ‘challenge’, requiring the cardholder to provide additional data.

3DS2 also reduces friction by enabling certain transactions to be exempted from SCA in accordance with PSD2. These include payments below 30 euros, fixed-amount subscriptions, corporate payments, payments to trusted beneficiaries, and merchant-initiated transactions, among others.

3DS — a liability shift from your business to the card issuer

Using 3DS to authenticate transactions triggers a liability shift from your business to the card issuer, meaning that you are not responsible for chargebacks related to disputed payments. While this is a very significant benefit, it is important to note that it is subject to certain limitations — in particular, the liability shift does not occur if you make use of an SCA exemption, or if the merchant’s account has an excessive level of fraud and has been enrolled in a fraud monitoring program. Either way, our 3DS2 solution empowers you to decide whether to take advantage of SCA exemptions or the liability shift.
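The three rules above (risk-based frictionless flow versus challenge, the PSD2 exemptions, and the conditions under which the liability shift is lost) can be put together in a simplified decision model. The code below is an added illustration, not LoginID’s code and not the 3DS2 message format; the risk score, the threshold of 70 and the field names are assumptions made for the example.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple


class Outcome(Enum):
    FRICTIONLESS = "frictionless"  # issuer authenticates on shared data alone
    CHALLENGE = "challenge"        # issuer asks the cardholder for a second factor
    EXEMPT = "exempt"              # SCA not applied, an exemption was claimed


@dataclass
class Transaction:
    amount_eur: float
    fixed_subscription: bool = False
    corporate: bool = False
    trusted_beneficiary: bool = False
    merchant_initiated: bool = False
    issuer_risk_score: int = 0  # hypothetical 0-100 score computed by the issuer


@dataclass
class Merchant:
    request_exemptions: bool   # the merchant chooses whether to claim exemptions
    in_fraud_monitoring: bool  # enrolled in a fraud monitoring program


CHALLENGE_THRESHOLD = 70  # hypothetical cut-off above which the issuer challenges


def sca_exemption(tx: Transaction) -> Optional[str]:
    """Return the name of the PSD2 exemption a transaction qualifies for, if any."""
    if tx.amount_eur < 30:
        return "low_value"
    if tx.fixed_subscription:
        return "fixed_amount_subscription"
    if tx.corporate:
        return "corporate_payment"
    if tx.trusted_beneficiary:
        return "trusted_beneficiary"
    if tx.merchant_initiated:
        return "merchant_initiated"
    return None


def authenticate(tx: Transaction, merchant: Merchant) -> Tuple[Outcome, bool]:
    """Return (authentication outcome, whether chargeback liability shifts to the issuer)."""
    if merchant.request_exemptions and sca_exemption(tx) is not None:
        return Outcome.EXEMPT, False  # claiming an exemption forfeits the liability shift
    risky = tx.issuer_risk_score >= CHALLENGE_THRESHOLD
    outcome = Outcome.CHALLENGE if risky else Outcome.FRICTIONLESS
    return outcome, not merchant.in_fraud_monitoring  # excessive-fraud merchants lose the shift
```

Running `authenticate` over a low-value payment with `request_exemptions=True` versus `False` shows the trade-off the post describes: the exemption removes the authentication step but also removes the liability shift.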

About LoginID

LoginID is a comprehensive FIDO-based multifactor authentication solution that offers frictionless authentication. Created with developers and enterprises in mind, LoginID is FIDO-certified and adheres to PSD2 principles. With an implementation time of just one hour, LoginID’s multifactor authentication solution is a quick, simple to integrate, cost-effective, and regulatorily compliant tool to give your business peace of mind around security, allowing you to focus on growing your business.

Get started for free by checking out the demo here.
Learn more about LoginID’s solutions here.


LoginID

LoginID is a comprehensive Passkeys + FIDO-based multifactor authentication solution that offers frictionless biometric authentication at low cost.