3DS 2.2 readiness for 3DS Servers and PSP

Why you should keep an eye on 3DS 2.2 readiness

For most of the countries within the European Economic Area (EEA), the enforcement date for PSD2 and Strong Customer Authentication is right behind the corner. There has been a lot of talking during the past two years about PSD2 enforcement, 3D Secure 2 and its impact on the payment industry.

As a solution, the new authentication protocol 3D Secure 2 has been brought up with numerous new features and authentication possibilities depending on the protocol version (2.1 and 2.2). There are  big differences between the two versions as the 2.1 does not support important features such as PSD2 acquirer exemptions but only allows issuers to apply exemptions such as Transaction Risk Analysis and Low Value Payments on their side. Mastercard has brought up to the market a version called 2.1+ allowing with a message extension merchants to request exemptions via their payment service providers.

As 3D Secure 2 adoption is slowly increasing among issuers (around 87% in August 2020 according to Visa) and is expected to be close to completion by now, EMV 3DS volumes are slowly growing and performance is improving with issuers challenging less and fewer transactions month after month ( around 80% of transactions are currently risk-based authenticated by issuers). This significantly improves the consumer check out experience as the old 3DS1 protocol is challenging every single transaction which requires an action from the cardholder to authenticate.

What is a 3DS server and why is it important for Payment Service Providers and PSD2 exemptions?

But from the other side of the flow, what is the current situation with 3DS Servers and Payment Service Providers readiness? In order to offer 3DS 2.2, 3DS servers are required to be certified by EMVco as a preliminary step in order to be ready to bring go-to-market solutions.

According to EMVco definition, 3DS Server provides the functional interface between the 3DS Requestor Environment flows and the DS. The 3DS Server is responsible for collecting necessary data elements for 3-D Secure messages, authenticating the Directory Server, validating the Directory Server, the 3DS SDK, and the 3DS Requestor, and ensuring that message contents are protected.

Basically, when merchants send authentication requests to their Payment service providers, the next step is to reach a 3DS Server which, through the Directory Server offered by card schemes such as Visa or Mastercard, will reach the Access Control Server (Issuer environment) in order to authenticate the cardholder. The Issuer through its ACS will decide on a frictionless or a challenge authentication flow. The authorization messages and settlement request will then follow up.

Merchants can also directly integrate with a 3DS Server and handle the authentication flow messages directly on his side. Many payment service providers have developed their own 3DS Servers/ MPIs ( i.e. Adyen, Stripe, Worldline, etc.) but it can be common that the authentication is handled by a solution which is not developed in-house. It is clear that this component plays a key role within the authentication flow and having a component which is able to handle 3DS 2.2 authentications has enormous importance as this will allow merchants to request acquirer exemptions ( Transaction Risk Analysis, Low Value Payments) and additional features such as 3RI or Delegated Authentication.

At Payment- Universe, we have extensive 3DS experience and we can support you with 3D Secure 2 implementations. Contact us now to schedule a call.

You can check below the table with the full list of current Approved EMV 3DS Products by EMVCo ( updated on 29th of September 2020) or you can go directly to the EMVCo page about it. Please keep in mind that being approved does not necessarily mean being live and ready for production. This would need to be checked with your payment service provider or 3DS Server directly.

3DS Server Company Name3D Secure 2
Company Url
/n software, Inc.2.2https://www.nsoftware.com
1&1 IONOS SE2.2https://www.ionos.com/
2C2P Pte Ltd2.2https://www.2c2p.com
ACI Worldwide2.1https://www.aciworldwide.com
Adyen NV2.2https://www.adyen.com
ALIGNET SAC2.1https://www.alignet.com
AsiaPay Limited2.1https://asiapay.com
Asseco SEE d.o.o.2.1https://see.asseco.com
BPC AG2.1https://www.bpcbt.com
British Telecommunication PLC2.1https://www.bt.com/
CA Inc. A Broadcom company2.2https://www.broadcom.com
CardinalCommerce Corporation2.2https://www.cardinalcommerce.com
CARDZONE SDN. BHD. NAhttp://www.cardzone.com.my
CCV LAB BVBA2.2https://www.ccv.eu
Checkout Ltd2.1https://www.checkout.com
Cherri Tech, Inc.2.1https://www.cherricorp.com/
CJSC Processing Center CardStandard2.1https://cardstandard.ru
Clearhaus A/S2.2https://www.clearhaus.com
Compass Plus Ltd.2.2https://compassplus.com
Concerto Software & Systems Pvt Ltd2.1http://concertosoft.com
D8 Corporation SIA2.1https://www.d8corporation.com
Direct Payments Limited2.2https://rbk.money
EGM INGENIERIA SIN FRONTERAS S.A.S.2.2https://www.placetopay.com/web
Elara Software GmbH2.2http://www.elara-it.com/
Elavon Inc2.2https://www.elavon.com
Enactor Ltd2.2https://enactor.co
Endeavour IBS2.1http://www.3dsecurempi.com
EUROPABANK NV2.2https://www.europabank.be
Fidelity Information Services (FIS)2.2http://fisglobal.com
Financial Software and Systems Pvt Ltd2.1https://www.fsstech.com
Global Payments Inc.2.2https://www.globalpaymentsinc.com
GPayments Pty Ltd2.2https://www.gpayments.com
HiTRUST Incorporated2.2https://www.hitrust.com.cn
HPS (Hightech Payment Systems2.1http://hps-worldwide.com
Iliad782.2 NA
IndiaIdeas.com Limited2.2https://billdesk.com
INFINITIUM SOLUTIONS SDN BHD2.2https://www.infinitium.com
Ingenico e-Commerce Solutions BVBA/SPRL (Belgium)2.2https://www.ingenico.com
Innocore Co., Ltd.2.1http://innocore.kr
iSignthis Ltd2.2https://www.isignthis.com
IZealiant Technologies Private Limited2.2https://www.izealiant.com
Japan Card Network Co.,Ltd.2.2https://www.cardnet.co.jp
Joint Electronic Teller Services Limited2.2https://www.jetco.com.hk
JSC CB PRIVATBANK2.2https://privatbank.ua
Lyra Network2.1https://www.lyra.com
Mastercard International Incorporated2.2https://www.mastercard.com
Modirum OÜ2.2https://www.modirum.com
Moneris Solutions Corporation2.1https://www.moneris.com
mSIGNIA, Inc.2.2https://msignia.com
NETS GROUP Networks & Transactional Systems S.p.A.2.2https://www.nets.eu
Netcetera AG2.2https://www.netcetera.com
Non-bank settlement credit institution Money.Mail.Ru (LLC)2.2https://corp.mail.ru
Openway Europe S.A.2.1https://www.openwaygroup.com
Poplatek Oy2.2https://www.poplatek.fi
Razorpay Software Pvt ltd2.2https://razorpay.com
Redsys Servicios de procesamiento, S.L2.2http://www.redsys.es
Right Line LLC2.1https://rtln.ru
Safecharge Limited2.1https://www.safecharge.com
Sage Pay Europe Ltd2.1https://www.sage.com
Seglan S.L.2.2http://www.seglan.com
Shanghai Coshine Software Co. Ltd2.1http://coshine.com
SIBS Forward Payment Solutions S.A.2.1https://www.sibs.com
Silverlake Symmetri Malaysia Sdn Bhd2.2http://silverlakeaxis.com
Sirena-Travel JSC2.2https://www.sirena-travel.ru
Société Maghrébine de Monétique -S2M-2.2NA
Software Express Informatica Ltda.2.2https://www.softwareexpress.com.br
Solanteq LLC2.2https://solanteq.com
Stripe, Inc.2.1https://stripe.com
TAS Eastern Europe d.o.o.2.1https://www.tasgroup.eu
TECS telecommunication & e-commerce solutions GmbH2.1https://www.tecs.at
The Logic Group Enterprises Ltd2.1https://www.barclaycard.co.uk
Tieto Latvia SIA2.2https://www.tietoevry.com
Tintel B.V.2.2https://www.pay.nl
Tribe Payments LTD2.2https://www.tribepayments.com
Trust Payments2.2https://www.trustpayments.com/
TSYS Card Tech Services Ltd.2.2https://www.tsys.com
VOB-ZVD Processing GmbH2.1https://www.voeb-zvd.de/home
Wibmo Inc2.1https://www.wibmo.co
Windcave Limited2.2https://www.windcave.com