The total transaction value of the digital payments market will reach US$9.46 trillion by the end of 2023. This growth would not be possible without payment gateways.
A payment gateway allows online stores and e-commerce websites to accept card and digital and mobile wallet payments online. It connects merchants with customers' banks to speed up payment authentication.
Since they transmit customers’ payment information, payment gateways must be secure. Before authorising payment, the software must use foolproof systems to authenticate customers’ card details.
There are two main protocols for verifying if the person making an online payment is the owner of the debit or credit card they are paying with. These classify payment gateways as 2D or 3D secure, hence 2D payment gateway.
By the end of this article, you will know what a 2D payment gateway is, how it differs from a 3D payment gateway, and which is the right choice for your online business.
A payment gateway is software that connects an e-commerce store and a customer’s bank (acquirer) to establish if the bank account the card is linked to has enough funds to pay for the purchase.
A payment gateway is integrated into an online store and is embedded in the checkout page. A customer will prompt the payment gateway to take over checkout by clicking the Pay button at checkout.
When the customer clicks Pay, the payment gateway’s interface will open as a pop-up and, in many cases, as a separate tab that will automatically close after the payment has gone through.
After a customer enters their card information in the pop-up screen, the payment gateway will communicate with their bank to establish if they have enough funds in their account to complete the payment.
If there’s enough credit in the customer’s bank account, the payment gateway instructs the network the card is on (Visa or Mastercard) to process the payment. That allows the customer to complete the checkout process.
Another task a payment gateway must check off before authorising payment is verifying if the person making the purchase is the card owner. A debit card can easily fall into the wrong hands, and the easiest way to use it without authorisation is to pay for things online.
So to prevent thieves and other imposters from shopping with stolen cards, payment gateways must verify card information on more than one level or dimension:
A 2D payment gateway authenticates an online payment on two levels (dimensions/domains). When a customer on your online store navigates to the checkout or payment page, they are shown the payment gateway interface that looks like this:
The first level of authenticating a card payment is by the 16-digit card number that a customer has to enter. This number is found on the front of the card and usually has a raised print. They must also enter the card’s expiration date and their first and last names.
On most debit and credit cards, all this information is found on the front of the card, so it can be easily collected just by viewing a picture of the card. For example, from a picture taken at the ATM by the bank’s own or a surveillance camera placed by criminals to harvest people’s debit card details without them knowing.
Since the card number, expiration date, and cardholder’s name can be easily obtained by viewing the card from the front, especially when you don’t practice good credit card hygiene, authorising payments from just this information exposes the card to all manner of misuse. Hence a need for a second dimension (2D) card authentication.
The second layer (dimension) of authenticating online card payments is the CVV number that customers must also enter. CVV stands for Card Verification Value, but depending on the card issuer, you may also find it referred to as the:
With most credit cards, the CVV is found on the back of the card, does not have a raised print like the card number, and is in small print. This is meant to make the number harder to see unless one is physically holding the card close to their face.
To complete an online purchase, a customer has to enter the CVV number. Otherwise, the payment will not be authorised. So a payment gateway that uses this card authentication system is referred to as a 2D secure payment gateway or, simply, a 2D payment gateway.
2D, in this case, means it authenticates the payment gateway, authenticates that the person using the card is physically holding the card and can view its front and back (2 dimensions).
The same card will not be as secure if it gets into the wrong hands or the cardholder was careless and unwittingly shared all the card details, including the CVV. A third layer of security would prevent unauthorised use of the card, which is what promoted the innovation of 3D payment gateways.
A 3D payment gateway adds a third layer of security to online card payments. Apart from the card and CVV numbers that a 2D payment gateway would ask from a customer when completing checkout, a 3D payment gateway would require the customer to enter an OTP (one-time password).
The OTP verifies that the person using the card is its owner. So after checking if the customer’s account balance and establishing that there’s enough credit for the purchase and before debiting their bank account, their bank (issuing bank) generates and sends them an OTP.
The OTP is sent to a mobile number that the customer provided when they opened their account or signed up for the debit card. This is their official contact number enrolled at their bank. The OTP is randomly generated and expires after a set time, usually 5 minutes.
An OTP essentially asks the customer to prove their identity, which stops cybercriminals from infiltrating the payment gateway to steal customers’ payment information.
As well as the debit card, the customer must also have their mobile phone. Otherwise, they can’t receive the OTP. If they take too long to fetch the OTP and enter it, it will expire, and they will have to start over again.
Now, it is very rare that a person loses both their phone and debit card. And even if they did, given how people are now attached to their mobile devices, it is easier to notice that your mobile phone is missing.
Once someone realises their phone is missing, they can disable it remotely or ask their telco to take their number off the network.
So, if a hacker intercepts your card information and gets hold of your card number and CVV, they still won’t be able to use it to pay online because they won’t have your mobile phone. Without your mobile phone, they can’t receive the OTP.
The OTP is what makes a payment gateway 3D secure. It adds a third authentication domain, which boosts card security. But more than the added security, a 3D secure payment gateway offers other advantages for merchants.
Between a 2D and a 3D payment gateway, the latter is the obvious choice for merchants and online shoppers. Shoppers, in particular, feel reassured that the sensitive information they enter at checkout will not be easily intercepted and used to steal from them.
Here are the other benefits of using a 3D secure payment gateway:
The one-time password that 3D secure payment gateways require makes it hard for people to use stolen payment information. It prevents people from paying with stolen cards on your online store. This significantly reduces fraud propagated through your e-commerce website.
If people can’t use stolen cards to shop in your online store, you will have fewer chargebacks. Chargebacks are reimbursements to people who feel someone used their card without authorisation to pay for something on your e-commerce website.
Chargebacks hurt your business’s reputation and may attract fees from the issuing bank, which eats into your profit. That is on top of the sale you lose.
One of the signals online shoppers now look for before entering their payment information at checkout is proof that it is 3D secure. This significantly reduces the number of abandoned carts and boosts your sales conversion rate. Many consumers will want to see the 3D secure badge before they browse any pages.
Due to the growing scourge of cybercrime, any data breach on your website cannot seriously harm your online business’s image and endanger your customers. No one wants to shop in an online store where their payment and other sensitive information can be intercepted and misused.
A 2D payment gateway is no match for today’s complex cybercrime threats. Hackers are devising increasingly sophisticated ways to steal people’s sensitive information online. While you may not be able to prevent this theft, you prevent stolen payment information from being used on your website.
3D secure payment processors also use more robust cyber encryption technology to stop criminals from intercepting payment information as it is relayed between the acquiring and issuing banks via the payment gateway. It is, therefore, critical to use a 3D-secure payment gateway, which protects you and your customers.
IntaSend is a 3DS2-ready payment gateway that uses the 3D secure card authentication protocol if a customer's card network demands it. With IntaSend, whether your online store runs on Shopify or WooCommerce, your customers will enjoy the elevated security that a 3D payment gateway offers. Another coveted perk of using the IntaSend payment gateway is the multiple payment methods it provides, including M-Pesa and Bitcoin.
IntaSend is the best 3D payment gateway in Kenya. Sign up for the IntaSend payment gateway today and deliver faster, more secure checkouts to your customers and protect your businesses from chargebacks and reputation damage.