If you’ve bought something online, you’ve most likely come across 3D Secure. It prevents fraudulent transactions and is the norm across merchant websites.
Whilst it can seem like a trivial addition to online payments, it’s a vital part of online security that saves customers and merchants thousands, if not millions, each year.
But what is 3D Secure, and why is it so important? That’s what we’ll explore in this article.
We’ll look at what 3D Secure is, how it works, why it’s essential, and its benefits and limitations. Let’s dive in.
What is 3D Secure?
3D Secure, also known as 3DS for short, is a security measure intended to prevent online fraud for credit, debit and virtual card transactions. It does this by implementing an additional authentication step when engaging in online payments.
3D Secure was first introduced to the masses by Visa and their ‘Verified by Visa’ payment process. Due to its success in minimising payment fraud, almost all financial service companies have a 3DS authentication process for online card transactions, including Mastercard with their ‘SecureCode’ and American Express with their ‘SafeKey’. Not every 3D Secure protocol is the same, but they all utilise the same technology.
Why is it called 3D Secure?
The term 3D refers to the three domains whose servers are involved in the payment process. They are as follows:
- Acquirer domain: The merchant’s acquiring bank
- Issuer domain: The cardholder’s issuing bank
- Interoperability domain: The framework that supports the 3D Secure protocol. It is provided by the card scheme (e.g. Visa or Mastercard)
How does 3D Secure work?
Before 3D Secure, only the card details were needed to make an online payment. To confirm the transaction, you were required to enter the cardholder’s name, card number, expiry date, and CVV number. This simple authentication system led to large amounts of debit and credit card fraud. To combat this, Strong Customer Authentication (SCA) regulations, and thereby 3D Secure, were created.
Officially introduced in 2019, SCA is a European regulatory requirement that requires customers from the European Union (EU), European Economic Area (EEA), and the UK to engage in multi-factor authentication when making online purchases.
With 3D Secure, this typically takes the form of a security question that the cardholder has to answer, or a one-time authentication PIN code, sent via email or SMS, that the cardholder has to confirm. The full steps for a 3D Secure online transaction are as follows:
- The cardholder enters their card details into the merchant’s payment gateway
- The payment system will verify if the card details are correct and, if so, whether 3D Secure is active
- If 3D Secure is active, the customer is redirected to a 3D Secure page served by the card issuer
- On the 3D Secure page, the cardholder will be asked to verify their identity. This is done by entering a one-time authentication PIN code that is sent to the customer’s email or SMS, or by answering a security question
- If the correct information is entered, the cardholder will be redirected back to the merchant’s website to complete the online purchase
- Once back at the merchant’s website, the customer should see a successful payment screen, confirming that the transaction has gone through
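The steps above can be modelled in a few lines. The following Python sketch is an added example, not code from any card scheme or payment provider: the `Issuer` class, the `checkout` function, the five-minute validity window, the three-attempt limit and the outcome for a card without 3D Secure are all assumptions made for illustration. It shows the property the issuer's page has to enforce: the one-time code works once, expires, and cannot be guessed repeatedly.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumption: the article gives no validity window
MAX_ATTEMPTS = 3        # assumption: the article gives no attempt limit


def _digest(code):
    return hashlib.sha256(code.encode()).digest()


class Issuer:
    """Toy issuer domain: enrolment lookup plus a one-time-code challenge."""

    def __init__(self, enrolled_cards):
        self.enrolled = set(enrolled_cards)
        self.pending = {}  # txn_id -> [code digest, expiry time, attempts left]

    def start_challenge(self, txn_id, now=None):
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[txn_id] = [_digest(code), now + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code  # a real issuer sends this by SMS or email, never to the merchant

    def verify(self, txn_id, submitted, now=None):
        now = time.time() if now is None else now
        entry = self.pending.get(txn_id)
        if entry is None:
            return False  # unknown, already used, or locked out
        if now > entry[1]:
            del self.pending[txn_id]
            return False  # expired
        entry[2] -= 1
        ok = hmac.compare_digest(_digest(submitted), entry[0])
        if ok or entry[2] == 0:
            del self.pending[txn_id]  # single use; lock out after the last attempt
        return ok


def checkout(issuer, card, txn_id, cardholder):
    """Steps from the list above; returns (status, who bears a fraud chargeback)."""
    if card not in issuer.enrolled:
        return "paid_without_3ds", "merchant"  # assumption: payment proceeds unauthenticated
    delivered = issuer.start_challenge(txn_id)  # out-of-band delivery to the cardholder
    if issuer.verify(txn_id, cardholder(delivered)):
        return "paid", "issuer"  # liability shift after successful 3DS
    return "declined", None
```

The `cardholder` argument stands in for whoever is at the keyboard: the genuine cardholder can read the delivered code, while someone holding only the card details cannot.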
What are the benefits of 3D Secure?
There are benefits to both merchants and customers. The most obvious one is that by adding an extra layer of authentication, 3D Secure safeguards against a fraudulent transaction. Since almost all customers recognise the 3DS protocol, this can increase customer confidence and satisfaction, as customers know that their card payments and mobile payments are handled safely and securely.
For merchants, one of the significant benefits is that the payment and chargeback liability shifts to card issuers. Suppose a transaction is successfully verified by the cardholder’s bank using 3DS, but a chargeback is issued for a fraudulent transaction. In that case, the card issuers will be liable for compensating the customer, not the merchant. Fewer chargebacks mean fewer resources will be spent on managing disputes, penalties, and fees, which can increase the bottom line.
What are the limitations of 3D Secure?
Reducing debit card and credit card fraud sounds like a win-win for merchants and customers, but it has some downsides. The main one is that it can make the transaction process more time-consuming. This added friction can sometimes cause customers to abandon their carts as they get fed up with the process, thus lowering the conversion rates for the merchant.
There is also the complaint of false declines. False declines occur when the issuing bank refuses a legitimate transaction due to suspected fraud. This causes the customer to have to search for the same item(s) elsewhere, and the merchant loses out on revenue and a potential loyal customer.
Additionally, depending on the payment processor that is used, 3D Secure can be quite costly. You may have to pay a fee for each authentication request, which can add up depending on the business’s transaction volumes. Although the reduction in fraudulent transactions should offset this, it’s something to keep in mind.
What is 3D Secure 2.0?
3D Secure 2.0, also known as 3DS2, is an upgraded version of the original 3D Secure technology. It improved payment processing by introducing fewer steps to complete a purchase, shorter waiting times, and faster information exchange between the acquirer domain, issuer domain, and interoperability domain. It also introduced compatibility for non-browser payment methods such as digital wallets, mobile payments, and in-app purchases. Having replaced the original 3D Secure technology in 2017, 3D Secure 2.0 is now used synonymously with the term 3D Secure.