Bye, 3-D Secure 2.1! Hello, 3-D Secure 2.2!

February 14, 2023
Bye, 3-D Secure 2.1! Hello, 3-D Secure 2.2!

What is 3-D Secure?

Consumers are conducting their money-related activities in more digital ways than ever before. But as card-not-present (CNP) transactions across e-commerce, m-commerce and remote commerce rise across the globe, so does fraud. Issuers, acquirers and merchants use 3DS technology to authenticate consumers and safeguard against the fraud.

3DS enables the exchange of data, or messages, between the merchant and the issuer to authenticate the consumer and approve the transaction. Card issuers based on this data, can quickly and accurately identify and prevent fraudulent card transactions without adding unnecessary friction to the payment process which may lead to abandonment.

The EMV 3DS Specifications provide a common set of requirements, a standard messaging protocol that product providers can use to integrate this technology into their solutions to implement secure CNP transactions.

3-D Secure 2.1 VS 2.2 What's new?

Early in 2018, EMVCo has announced the publication of the EMV® 3-D Secure Protocol and Core Functions Specification v2.2.0. The updated specification includes enhancements to promote an optimized consumer experience while supporting new authentication channels when making ecommerce transactions.

The new version improves communication between merchants and issuers to support the application of the European Second Payment Services Directive (PSD2) exemption for strong consumer authentication. While the version 2.1 specifications supported PSD2 compliance, the version 2.2 specifications provide additional features for merchants and issuers to maximize the benefits of available exemptions.

 Here are the two new features to allow authentication for varied payment scenarios which include mail order and telephone order transactions:

  • “3DS Requestor Initiated (3RI) payments – enabling a merchant to initiate a transaction even if the cardholder is offline. ”
  • “Decoupled authentication – allowing cardholder authentication to occur even if the cardholder is offline. ”

 The updated version extends existing data elements to facilitate the communication of pre-checkout authentication events and related data from systems such as those supporting FIDO Alliance standards.

Sunset & Sunrise

This February, Mastercard sent Identity Check Newsletter – 3DS Operators to ACS and 3DS Server operators to announce the deadline of transition to 3DS version 2.2 (July 1 2023).

It read:
“…globally all Mastercard Identity Check enrolled Merchants, Acquirers and Issuers must support 3DS version 2.2.0 by July 1, 2023. This means all ACS and 3DS Operators must complete version 2.2 compliance testing prior to July 1 2023.”

Moreover, Mastercard will not issue LOCs for version 2.1 which means all new projects and renewals are required to be for version 2.2. This implies all operators have to finish the installation of version 2.2 before this July, otherwise the transactions or user payment experience may be impacted to some extent.


The updated 3DS version 2.2 is now a mandated schedule for all stakeholders which will help the issuers, acquirers, and merchant to conduct more satisfying transactions and prevent fraudulent transactions to a higher standard with improved technology and specifications. This is undoubtedly one necessary step to make you strong enough against trickier fraudulent actions for e-commerce.

HiTRUST will stand ready as usual to support and assist you to march toward the era of 3DS version 2.2 with increased approval rate and optimized user experience, away from fraud.

If you want to find a reliable, customized, and cost-effective partner to pave the way of 3DS version 2.2 or the whole secure payment system, please feel free to contact us. HiTRUST is and always will be here for you.