3D Secure v2.2 - Important information issuers should know

All you need to know about the 3D Secure 2 features and benefits, and the differences between versions 1.0, 2.1 and 2.2.

Why is 3DS 2.2 important?

For more than 20 years, 3-D Secure has been at our service, but the security protocol has been upgraded considerably in the last few years.

Now, with a significant shift from shopping in store to shopping online, especially in the last pandemic-ridden year, issuers have to secure cardholders and their ecommerce transactions. To do this, issuers are opting for 3DS but still have doubts about the benefits and features of the new versions. Payment experts have no doubt that issuers should start adopting new versions of 3DS because they bring upgrades and features that are extremely important for both security and user experience.

This is a brief review of 3D Secure 2: here is what you need to know about the new version 2.2 and the differences between versions 1.0, 2.1 and 2.2.


Feature comparison - 3D Secure 2.1 and 2.2

Upgrading to EMV 3DS version 2.1 or 2.2 has definite advantages.

Version 2.1 is the first commercially viable version of EMV 3DS. For several years it was talked about as 2.0, but "version 2.0" was never officially in production. It was skipped, so the first live version was 2.1. What benefits does v2.1 provide?

First of all, because it's the first EMV 3DS version that was released into production, there are a lot of improvements compared to version 1.0.

  • Uses more data that can result in more confident risk decisions, fewer step-ups and false declines
  • Allows authentication on many devices, especially mobile (instead of browsers only)
  • Supports biometrics for authentication challenges
  • Provides liability protection for merchants

Because there had been no significant updates to 3-D Secure in about 15 years, these new improvements were substantial, and really changed the face and capabilities of 3-D Secure.


Version 2.2 offers all that v2.1 has, plus a few other key advantages. Here are the key improvements in 3D Secure 2.2:

  • Flexibility of regulation, supporting SCA exemption flags and 3DS challenge signs
  • Controlling the authentication experience
  • Delegated authentication - retailers with specialized payment systems can "replace" issuers and, in some cases, authenticate (allowed just in Europe currently)
  • More non-payment support - new 3DS Requestor Initiated (3RI) channel for non-payment authentication
  • Decoupled authentication - when the consumer is not available to participate in the authentication process (for example, for split shipments or recurring transactions)
  • Expansion of 3RI

Jonas Gaba Jensen

Jonas is heading up Nets' Risk Management Product area, which includes the 3D Secure, Fraud and Dispute services that Nets provides to customers across Europe. Jonas has more than a decade of experience within the risk management field and has worked the last four years on bringing Nets' overall risk management value proposition to include leading-edge products.

Majken Bech Thanning

Majken is an accomplished Product Manager within the payment industry, currently focused on 3D Secure and risk services. She comes from a successful background in the banking sector and business development. Majken is leading Nets' 3D Secure value proposition to be the best in the market – both from a capability and compliance perspective.

3D Secure 2.2 - Issuers guide

How do issuers start the update process?

EMVCo governs the protocol, specifications, certification and more, so it is EMVCo that announces the specifications to the networks.

These are the steps needed for the update:

  1. EMVCo announces new version and specs
  2. Networks create their program rules
  3. Providers of Access Control Server and 3DS Servers design solutions to accommodate these rules
  4. The solution is tested and certified by EMVCo
  5. EMVCo issues Letters of Acceptance showing the providers finished their solution design, development, testing and certification with EMVCo

However, the certification process is the most important part. In order to use the new version to process transactions, EMVCo and then the networks need to certify their providers.

Do issuers have to upgrade to version 2.2 and what is the deadline?

Schemes and networks are approaching this individually. Visa's deadline for European issuers switching to EMV 3DS 2.1 and 2.2 was September 14, 2020 and has now been extended to March 2021, while Mastercard still has no clear deadline for this.

It is important to keep in mind that future versions of 3DS (expected in early 2021) will require versions 2.1 and 2.2 to have been adopted already, so issuers are advised to start the update process immediately.

Why is 3DS 2.2 great for users - Authentication process

3DS 2 allows businesses and their payment provider to send more data elements on each transaction to the cardholder's bank. This includes payment-specific data like the shipping address, as well as contextual data, such as the customer's device ID or previous transaction history.

The cardholder's bank can use this information to assess the risk level of the transaction and select an appropriate response:

  • If the data is enough for the bank to trust that the real cardholder is making the purchase, the transaction goes through the "frictionless" flow and the authentication is completed without any additional input from the cardholder.
  • If the bank decides it needs further proof, the transaction is sent through the "challenge" flow and the customer is asked to provide additional input to authenticate the payment.
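
The frictionless/challenge decision described above, combined with two of the 2.2 additions listed earlier (exemption-style challenge indicators and decoupled authentication), as an added Python example that is not Nets' or EMVCo's code. The protocol field names and codes are taken from the EMVCo specification rather than from this page; the risk signals, weights and threshold are hypothetical.

```python
# Added illustration: toy issuer-side decision for an EMV 3DS authentication request.
# Protocol field names/codes follow the EMVCo spec; risk signals and weights are hypothetical.
V22_ONLY_CHALLENGE_IND = {"05", "06", "07", "08", "09"}  # indicators added in 2.2.0
CHALLENGE_REQUESTED = {"03", "04", "09"}                 # requestor asks for a challenge

def validate(areq):
    """Return errors for unsupported versions or 2.2-only features sent as 2.1.0."""
    version = areq.get("messageVersion")
    if version not in ("2.1.0", "2.2.0"):
        return ["unsupported messageVersion"]
    errors = []
    if version == "2.1.0":
        if areq.get("threeDSRequestorChallengeInd") in V22_ONLY_CHALLENGE_IND:
            errors.append("challenge indicator requires 2.2.0")
        if areq.get("threeDSRequestorDecReqInd") == "Y":
            errors.append("decoupled authentication requires 2.2.0")
    return errors

def risk_score(signals, known_devices):
    """Hypothetical scoring over the contextual data the article mentions."""
    score = 0
    if signals.get("device_id") not in known_devices:
        score += 40  # device never seen for this cardholder
    if signals.get("shipping_address") != signals.get("billing_address"):
        score += 20
    if signals.get("prior_purchases", 0) == 0:
        score += 20  # no transaction history with this merchant
    return score

def decide(areq, signals, known_devices, threshold=50):
    """Pick frictionless (Y), challenge (C) or decoupled challenge (D)."""
    errors = validate(areq)
    if errors:
        return {"transStatus": None, "errors": errors}
    indicator = areq.get("threeDSRequestorChallengeInd", "01")
    needs_challenge = (indicator in CHALLENGE_REQUESTED
                       or risk_score(signals, known_devices) >= threshold)
    if not needs_challenge:
        return {"transStatus": "Y", "errors": []}
    # Decoupled requests under 2.1.0 were already rejected by validate().
    decoupled = areq.get("threeDSRequestorDecReqInd") == "Y"
    return {"transStatus": "D" if decoupled else "C", "errors": []}

# Constructed sample input (not real traffic).
KNOWN = {"dev-123"}
TRUSTED = {"device_id": "dev-123", "shipping_address": "A",
           "billing_address": "A", "prior_purchases": 5}
UNKNOWN = {"device_id": "dev-999", "shipping_address": "B",
           "billing_address": "A", "prior_purchases": 0}
```

The issuer keeps the final say in this example: an exemption-style indicator such as `05` does not suppress a challenge when the score crosses the threshold.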

3D Secure 2 was developed after smartphones came into commercial use, unlike 3D Secure 1, and makes it easy for banks to deliver creative 3DS authentication experiences through their mobile banking applications. Now, instead of using just passwords, cardholders can authenticate transactions with biometrics – fingerprint or facial recognition – which makes this experience way smoother and easier.

In addition, SDKs for 3DS 2 enable developers to create an "in-app" authentication flow, so users are freed from browser redirects.

Where is 3DS now?

Version 2.1 of EMV 3DS is in use around the world, and version 2.2 is being used mainly in Europe right now, while 3DS 1.0 still continues to be used internationally.

The transition from version 1.0 to versions 2.1 and 2.2 will take some time, as expected, but card networks will continue to support 1.0 for now.