Wondering what kind of payment gateway to use for your online business? You might be wondering whether to use a 2D payment gateway. You are probably also reading about the security benefits of 3D payment gateways. We compare 2D payment gateways vs 3D payment gateways in this article.
At first, we discuss what payment gateways are. We explain 2D gateways and their risks. Subsequently, we explain how 3D payment gateways mitigate these risks with 3D secure authentication. We review the various types of 3D secure authentication. Finally, we describe the advantages of 3D payment gateways.
What Is A Payment Gateway?
A payment gateway is a software system that makes digital payments possible. You have the following stakeholders in an online payment transaction:
- Merchants: These are businesses that sell products or services online and accept online payments.
- Consumers or consumers: They buy products and services online, and they start an online payment transaction.
- Issuing banks: These are banks that partner with companies like Visa and MasterCard to provide credit or debit cards to consumers.
- Acquiring banks or “acquirers”: These are banks that hold the bank account of the merchant. Acquirers receive payments after they provide the transaction details to the issuing banks.
Payment gateways collect and transfer payment transaction information from consumers to the acquiring banks. A payment gateway provides the following functionalities:
- Validating the card details of consumers securely;
- Transmitting the payment-related sensitive information securely by encrypting data;
- Ensuring the availability of funds;
- Interfacing between the website or app of the merchant all the way to the acquirer.
What Is A 2D Payment Gateway?
A 2D payment gateway is also known as a “2D secure payment gateway”. It’s a kind of payment gateway software without the security mechanism of a one-time password (OTP).
With a 2D gateway, consumers enter their credit card number and expiry date while purchasing products and services online. The payment processing works without any OTP.
Some of the 2D international payment gateways are as follows:
- Go Payments Inc.;
- 2D Payment Gateway.com;
- Esceurepay 2D International Payment Gateway;
- 2D GATEWAY.com.
Note 1: In India, issuer banks and card companies must use the 3D secure authentication provided by a 3D payment gateway. Reserve Bank of India (RBI), the central bank in the country requires every merchant to use 3D payment gateways. However, many payment gateways in India provide the facilities of a 2D payment gateway. They do that to enable merchants to accept international payments.
Some of the 2D payment gateways in India are as follows:
- Esceurepay 2D International Payment Gateway;
- Cashfree 2D payment gateway India;
- 2D Payment Gateway.com;
- The online 2D payment gateway India from ePay Global.
Risks Involved With A 2D Payment Gateway
You face the following risks when using a 2D payment gateway:
1. Security
Consumers only enter their card number and expiry date when using a 2D gateway, and there isn’t an additional password/OTP requirement. Online transactions involve the “card-not-present” scenario. You can’t verify if the person entering the card details is the real cardholder. Hackers routinely steal card details and they can pose as customers. Customers don’t get the security that’s required in this era of heightened cyber-crimes.
2. Loss Of Markets Due To Regulatory Non-compliance
As we stated, RBI mandates merchants in India use 3D payment gateways. Indian businesses can’t sell in this market if they use 2D payment gateways only.
3. Frauds And Chargebacks
Cyber-criminals can execute fraudulent transactions using stolen card details. You as a merchant face the risk of frauds and chargebacks.
4. Reputation
More and more customers are hearing about 3D payment gateways. They understand that 2D gateways can’t offer the kind of security offered by the 3D secure authentication technology. Customers will expect merchants to use 3D payment gateways. Merchants that don’t use them might see adverse impacts on their reputation.
Also Read: Payment Gateway Charges In India: A Comprehensive Guide
What Is A 3D Payment Gateway?
A 3D payment gateway is a software system that provides an added layer of security. Customers get the right to confirm that they indeed are executing an online payment transaction. Since online payment transactions involve the “card-not-present” scenario, this confirmation requires an additional authentication code available only to the customer.
Note 2: The term 3DS is often used in connection with 3D payment gateways. It stands for “3 Domain Secure”, and it’s an authentication protocol. Visa launched this protocol in 1999. The 3 domains are as follows:
- The acquirer domain, which refers to the bank holding the account of the merchant;
- The issuer domain, which refers to the bank issuing the card to a consumer;
- The interoperability domain, which refers to the IT infrastructure used by the card schemes like Visa.
Assume customers select products or services to buy on your website or app. They proceed to pay. They enter their card details like card number, expiry date, and CVV. If you use a 3D payment gateway, then customers will see an additional pop-up window. It will ask for an OTP. Customers typically receive this OTP via an SMS.
An OTP is a single-use authentication code. Consumers have their mobile phones registered with their card accounts, and it’s sent to that mobile phone only. The OTP is typically valid for a limited amount of time, e.g., a few minutes. Customers confirm that they indeed initiated the transaction by entering the OTP. The transaction executes if the OTP entered is correct.
The Importance Of A 3D Payment Gateway
Hackers might steal card details like the card number and expiry date. However, they can’t access the mobile phone of a cardholder. Hackers can’t see the OTP sent to the phone of a consumer. This adds an important layer of security to online payment transactions.
As cyber-crimes grow significantly, many central banks and regulators are insisting on improved security for online payment transactions. RBI, the Indian central bank is an example. 3D payment gateways meet these heightened security requirements.
More and more customers are hearing about the improved security offered by 3D payment gateways. Many of them have started to expect that merchants use 3D secure authentication.
With a 3D payment gateway, merchants don’t need to assure customers about the security of their sensitive information. Merchants see reduced frauds and chargebacks.
Types Of 3D Authentication
There are two types of 3D secure authentication solutions, which are as follows:
1. 3DS1
3DS1 (3D Secure 1) is the original version of the 3DS protocol. People used computers for online shopping when 3DS1 was launched. 3DS1 supported desktop browser-based authentication. 3DS1 provided security and protection from fraudulent transactions. However, it had drawbacks too.
People didn’t use smartphones and mobile apps when 3DS1 was launched. The design of 3DS1 didn’t cater to smartphones.
Upon starting to use mobile phones for online shopping, consumers faced challenges with 3DS1. It didn’t support the in-app flow of the payment processes on mobile phones. This often resulted in abandoned online shopping carts.
Furthermore, some issuing banks required a static password for 3DS1-enabled cards. These factors resulted in frictions during the online payment process.
2. 3DS2
As a merchant, you can think of 3DS2 as the upgraded version of 3DS1. Under the proverbial hood, 3DS2 is much more than that though! It’s not just that 3DS2 looks and feels different from 3DS1. 3DS2 uses a different message flow and message format. It provides significantly more data analysis capabilities, and 3DS2 offers a better user experience.
Irrespective of the device used by customers, 3DS2 provides a consistent experience. It integrates seamlessly with the online checkout experience offered by merchants.
This protocol collects a lot more data than 3DS1 does, and it does that within the regulatory ambit. Exchanging more useful data helps it to prevent fraudulent transactions.
3DS2 protocol executes many of the authentication activities in the background. This prevents frictions during online payment.
Note 3: 3DS2 and 3DS1 aren’t backward compatible. Credit card companies like Visa recommend merchants and issuing banks to support both 3DS2 and 3DS1. This prevents issues even if a bank doesn’t support 3DS2.
Advantages Of 3D Secure Authentication
3D secure authentication offers the following advantages:
- Higher security: 3D payment gateways offer better security to the sensitive data of consumers. Merchants can assure customers about data security.
- Reduced frauds: Thanks to better security measures, a 3D payment gateway helps to reduce fraud. This reduces chargebacks too. These are significant advantages for merchants.
- Reputation: As more consumers understand the value offered by 3D payment gateways, they expect merchants to use them. They trust merchants that use such a gateway. Increased trust translates to a higher reputation.
- Increase in sales: Safer online payment options might prompt some consumers to buy more. Customers might make larger purchases too.
- Safer international transactions: The higher security offered by the 3D secure authentication makes international transactions safer for both consumers and merchants.
Conclusion
While certain scenarios require merchants to support 2D payment gateways, 3D payment gateways offer higher security. We recommend merchants use a 3D secure authentication solution for online payments.