On 14 September 2019, new requirements for authenticating online payments will be introduced in Europe as part of the second Payment Services Directive (PSD2).3D Secure 2 improves the purchase experience compared to 3D Secure 1 and allows businesses and their payment provider to send more data elements on each transaction to the cardholder's bank. This includes payment-specific data like the shipping address, as well as contextual data, such as the customer's device ID or previous transaction history.

• Frictionless authentication.
• Better user experience.

The cardholder's bank can use this information to assess the risk level of the transaction and select an appropriate response:

• If the data is enough for the bank to trust that the real cardholder is making the purchase, the transaction goes through the "frictionless" flow and the authentication is completed without any additional input from the cardholder.
• If the bank decides it needs further proof, the transaction is sent through the "challenge" flow and the customer is asked to provide additional input to authenticate the payment.

• Unlike 3D Secure 1, 3D Secure 2 was designed after the rise of smartphones and makes it easier for banks to offer innovative authentication experiences through their mobile banking apps (sometimes referred to as "out-of-band authentication"). Instead of entering a password or just receiving a text message, the cardholder can authenticate a payment through the banking app by just using their fingerprint, or even facial recognition. We expect many banks to support these smoother authentication experiences with 3D Secure 2.
• The second improvement in user experience is that 3D Secure 2 is designed to embed the challenge flow directly within web and mobile checkout flows-without requiring full page redirects. If a customer authenticates on your site or webpage, the 3D Secure prompt now by default appears in a modal on the checkout page (like above demo video).
• If you're building an app, mobile SDKs built for 3D Secure 2 let you build an "in-app" authentication flow and avoid browser-redirects altogether.

Here we can Illustration How mobile authentication Works in 3D version 1 and Version 2. Authentication Flow in Version 1 Authentication Flow in Version 2

We have integrated n number of payment gateway services in different ColdFusion applications based upon the client's requirement. we are frequently integrated stripe services. we love to use available open source options ( why we need to reinvent the wheel? ) & try to contribute back to CFML community too. In terms of Payment gateway integrations, we have great experience in, using & customizing cfpayment ( most popular & well tested Open source ColdFusion Payment integration library).