EMV 3-D Secure 2.2 brings enhanced functionality as the Strong Customer Authentication (SCA) protocol matures and consolidates its experience with over two years of deployment.
3-D Secure version 2.1 improved over the original 3-D Secure version and addressed the customer friction often experienced during the transaction process by enabling more data sharing between Merchants and Issuers. This allowed for a more accurate risk-based decision-making process, which led to smoother transactions with less interruption. Version 2.1 also introduced "frictionless flow," allowing low-risk transactions to be approved without additional authentication, improving the customer experience.
Version 2.2 adds new features to accommodate specific market requirements and regulations better. This was done partly to meet the Strong Customer Authentication (SCA) requirements of the European Union's Revised Directive on Payment Services (PSD2).
While both 3-D Secure 2.1 and 2.2 provide improved security for online transactions compared to the original protocol, 2.2 introduces greater flexibility and better support for evolving market needs, regulatory requirements, and mobile transactions. This highlights the ongoing evolution of security protocols in response to the changing landscape of online transactions and cybersecurity threats.
|EMV 3DS 2.1||
|EMV 3DS 2.2|| All features of 2.1 plus:
Merchants are not required to change their integration to support version 2.2. The changes that apply to the code are:
- The requestorChallengeIndicator field supports new values:
05 - No challenge requested (transactional risk analysis already performed) [Sent as 02 in v2.1.0].
06 - No challenge requested (data share only) [Sent as 02 in v2.1.0].
07 - No challenge requested (strong consumer authentication already performed) [Sent as 02 in v2.1.0].
08 - No challenge requested (utilise whitelist exemption if no challenge required) [Sent as 02 in v2.1.0].
09 - Challenge requested: (whitelist prompt requested if challenge required) [Sent as 01 in v2.1.0].
- The Mastercard Merchant Data extension scaExemptions field is no longer sent as its data is now in the requestorChallengeIndicator values 05, 06 and 07.
- The threeRiIndicator sent as 08 for MOTO transactions [Not sent for v2.1.0].
Last updated 01/08/2023