Commerce Glossary

A comprehensive resource to help you master the language of commerce.

What is 3D Secure?

3d se - cure
noun
3D Secure (three-domain structure), also known as payer authentication, is a security protocol meant to increase the protection of online credit and debit card transactions. The protocol was initiated and created by Visa and MasterCard, which brand it “Verified by Visa” and “MasterCard SecureCode”, respectively. Besides its initiators, 3D Secure is also recognized by American Express (American Express SafeKey) and by the majority of debit and credit card issuers. 3D Secure is an additional security layer that helps prevent fraudulent or suspicious transactions. It requires customers to complete an additional verification step with the card issuer when making the payment, before they finalize an online purchase.

How does 3D Secure work?

The added layer of security gives customers a secure authentication step before moving forward with the purchase of an online service or product. The earlier 3D Secure 1.0 technology worked by redirecting shoppers to their bank’s 3D Secure web page, where they needed to enter an additional security code or password (which was automatically sent via text to their phone number) in order to move forward with the payment process. After the shopper entered the correct code or password, the payment would be approved by the issuing bank and the shopper would return to the merchant’s website. Using the 3D Secure system gives a business additional protection against fraudulent payments.

3D Secure has been around for years, and a new protocol, 3DS 2.0 (or EMV 3DS), is now available, which improves security and increases authorizations for digital transactions. The European Union’s Payment Services Directive 2 (PSD2) has brought several changes around online transaction security, including a mandatory Strong Customer Authentication (SCA) component for European Union shoppers. The new 2.0 version of the 3D Secure technology is part of the SCA requirements, and it is an evolutionary step from its predecessor, as it allows the card issuer (bank) to use a wider range of data points from the transaction to run a risk-based analysis. It enables a real-time, secure, more accurate way to authenticate customers without asking for a static password or slowing down commerce. For example, for low-risk and low-value transactions (i.e. less than 30 EUR), the card issuer will not send any extra authentication requests to the cardholder. However, for all other customer-initiated transactions, the cardholder will be required to go through 2-Factor Authentication (2FA), whether via text (SMS), app push notifications, or biometric means (fingerprint, etc.).

It is therefore important for a payment provider not only to manage the new 3D Secure 2 authentication flows, but also to correctly apply exemptions for recurring payments, low-value transactions, low-risk transactions, and trusted beneficiaries. 3DS2 is also mobile-friendly, with a responsive design that adjusts easily to any mobile device. However, the implementation of all the user experience (UX) improvements to the authentication window will be up to the card-issuing banks, so the front end presented to cardholders may vary depending on their bank.
