Why is our app asking to scan your face? To keep you safe, of course!
Introducing 3D Secure 2, a new way to verify online payments made using your Holvi Business Mastercard®. Staying true to our name – Holvi means ‘vault’ in Finnish – we’re always looking for new ways to improve our account security.
This July, we upgraded our online payment authentication in line with the latest advances in card security.
Don’t worry, you can switch to fingerprint scanning if you want.
What is 3D Secure, anyway?
If you've shopped online in the last 10 years, you've probably come across 3D Secure 1. It’s the old school way of authenticating online payments.
Authentication: The process of verifying a datum or entity – AKA proving it’s really you doing something in Holvi.
Ever tried to buy something online only to be redirected to a strangely unfinished-looking page where your bank asks you to confirm some details? You guessed it! That’s 3DS1.
By bringing you to that page, your bank was assuming responsibility for any chargebacks (instances where you claim fraudulent charges), absolving the seller of liability. In terms of security, this was a viable step. But... it wasn't the most user-friendly experience.
Introducing 3D Secure 2 – stronger payment authentication
As of July 2021, Holvi uses 3D Secure 2 (3DS2) to verify online payments made using your Holvi Business Mastercard®. This upgraded version includes the use of biometrics (fingerprint and face recognition) to confirm your identity directly in the Holvi mobile app. This is much safer than receiving a code via SMS. Just note, 3DS2 is brand new and it might take a while for some merchants to catch up to this new way of verifying payments.
How does it work? In many cases, device data is sufficient for authentication and you won’t have to take any extra steps to complete a payment. However, some transactions are deemed more risky and subject to stricter regulations. This is where 3DS2 really shines.
Here are the three main types of authentication under 3DS2.
3D Secure 2 supports richer data exchanges between your Holvi account and the merchants selling you online products or services.
Simply put, 3DS2 can better assess how risky a particular payment is. If your payment satisfies certain criteria, it’ll get a free pass. This is called ‘passive authentication’, where no action is required on your part to authenticate a payment.
As a customer, this is a frictionless experience – you won’t notice a thing.
This is what’s new under 3DS2. If your online payment is ‘challenged’ (i.e., if it doesn’t satisfy the strict security requirements for passive authentication), you’ll be guided to the Holvi mobile app where you can easily confirm your identity using your fingerprint or face recognition. In other words…
If you switch paper suppliers and drop €150 on high-gloss card stock, don’t be shocked if we ask for your fingerprint.
If you're not a fan of biometric authentication, you can also verify online card payments using your Holvi password or passcode directly in-app. Configure your authentication preferences under Profile > Password and Security. The choice is yours.
This is the old, less-secure way of verifying online payments. Holvi will only use SMS authentication if you do not have biometric authentication enabled.
If a payment doesn’t satisfy the criteria for passive authentication, you’ll be asked to enter a two-factor authentication code sent to you via email or SMS. As mentioned before, this is less safe. People change numbers and networks are more susceptible to cyberattacks.
How 3D Secure 2 improves your account security and Holvi experience
By using biometric authentication whenever possible and offering the less up-to-date SMS verification option only as a fallback, Holvi is taking online payments security to the highest level.
This is a natural step in evolving our app’s security in line with today’s capabilities, but we’re not stopping here. – Adri, Holvi Product Lead
Our new authentication process opens the doors to future improvements to our payment verification user experience – all in accordance with the Payment Services Directive 2 (PSD2) in Europe. So stay tuned for more security updates in the future.
Wondering what else Holvi does to keep your money and data safe? Check out our article on How Holvi keeps your account safe – and what you can do to help.