Posted on 18 March 2019 by Alison Giansetto Payments Reading Time: 2 minutes THE THREAT OF SYSTEMATIC AUTHENTICATION This regulatory evolution induces a profound paradigm shift. With implementation of EMVCo. 3DS 2.0 or 3DS2, new rules for liability shift allocation are set in Europe: banks will now have to support the obligation to reach defined fraud thresholds. In order to be able to meet these thresholds, banks will have the opportunity to require strong authentication on all transactions (except regulatory exception). Thus, this potential friction at the end of the purchasing process could have an impact on the conversion rates of online merchants and in fact on their turnover. FRICTIONLESS WORKFLOW 3-D Secure 2.0 introduces a new authentication workflow, known as “frictionless”. Frictionless flow happens when cardholder is not explicitly asked to authenticate himself/herself in-app or via browser. In this workflow, following steps occur: 1. Payment Authentication is initialized 2. Authentication Request/Response 3. Communication of results 4. Authorization messages Customer authentication is finalized without additional intervention from the cardholder. Special cases of Frinctionless workflow Some specific payment operations will be considered out of the RTS SCA scope: CONDITIONS TO GRANT FRICTIONLESS WORKFLOW CHALLENGE WORKFLOW On the other hand, when a Strong Customer Authentication (SCA) is required by the Acquiring PSP or the Issuer, the authentication flow is referred as “challenge”. Challenge flow steps may be compared with prior 3-D Secure 1.0 experience. In this workflow, the same initial steps as Frictionless flow occur, then: 4. If a strong authentication is required: Challenge is requested either by Acquiring PSP and/or Issuer 5. Request results are shared between Acquiring PSP and Issue 6. Results are forwarded to the Merchant 7. Authorization messages Conditions to strong authentication Strong Customer Authentication (SCA) validity is defined when using at least 2 of the 3 following criteria: Knowledge: something only the user knows (PIN, password, etc.) Possession: something only the user possesses : Credit card, smartphone, etc. Inherence: something only the user is : (biometric identification like fingerprint, iris or voice recognition…) Discover our special folder to prepare your company to new European requirements and anticipate the impacts on your turnover. PSD2 Folder Share this article
Posted on 19/03/2026 in Payments Agentic payment: when AI buys on behalf of consumers With agentic payment, artificial intelligence doesn't just recommend products — it advises consumers, personalises their...
Posted on 27/11/2025 in Payments How can you boost your payment performance using the French Cartes Bancaires (CB) scheme ? If you sell in France, part of your payment performance depends on the Cartes Bancaires...
Posted on 24/09/2025 in Payments What is Wero, and how can merchants use it? KEY TAKEAWAYS What it is: Wero is the new European instant account-to-account payment standard, replacing...
