TABLE OF CONTENTS
Within the eCommerce landscape, there are several authentication tools used by business owners to help protect consumers’ account security—these features are known as 3D Secure protocols. And with online shopping taking the world by storm in recent years, upping online payment security has never been more important for merchants. Beyond just boosting consumer confidence, implementing advanced security measures like 3D Secure can save merchants from dealing with chargebacks, fraud, and other payment-related issues.
In this article, we’ll discuss the ins and outs of 3D secure authentication; what it is, how it works, and how to set it up for your business. Let’s get started!
What Is 3D Secure Authentication?
3D Secure authentication is an extra layer of protection that merchants can enable via their payment gateways to prevent fraud on card-not-present transactions. There are several different 3D Secure programs out there, each offered by different card brand networks. Some familiar names include Verified By Visa, Mastercard SecureCode, J/Secure, and American Express SafeKey.
Now, you might be wondering what “3D Secure” stands for, so let’s break it down a bit further. The three Ds in “3D Secure” describe the three domains involved in a single transaction: the acquirer domain, the issuer domain, and the interoperability domain.
The acquirer domain consists of the financial institution and the merchant receiving the payment.
The issuer domain is the issuing bank (the bank that issued the credit or debit card used).
The interoperability domain refers to the technical framework allowing the card to support the 3D Secure protocol.
How Does 3D Secure Work?
If you’ve ever used a credit card authentication method to prove your identity (i.e. two-factor or multi-factor authentication), you already have a baseline understanding of how 3D Secure works. But let’s explore how it works in practice:
- A customer proceeds to the checkout page to pay for products.
- The customer enters their credit card and personal information on the checkout page.
- After clicking “proceed to checkout”, they’re redirected to the issuing bank’s 3D security protocol page.
- They enter a one-time authentication code, password, or PIN.*
- After verification on the backend, the card issuer either approves or denies their payment.
- If the transaction is approved, they are redirected to your website where the order is confirmed.
It’s also important to mention that merchants can decide which transactions require 3D Secure authentication. For example, you can create a rule that high-risk transactions go through 3D Secure authentication on your website, whereas lower-risk transactions do not.
*Note: Sometimes, instead of entering a one-time code, password, or PIN, the issuing bank can automatically verify the transaction by confirming the cardholder’s phone number.
Advantages of 3D Secure Verification
Although it’s not mandatory for issuing banks to use, implementing 3D Secure authentication on your eCommerce site can benefit you and your customers in many ways. Here are some of the benefits that make 3D Secure verification a great choice for merchants:
Shift in liability to issuing bank
With chargebacks, merchants are almost always liable for covering the transaction. However, 3D Secure protocol shifts this liability. Instead, the responsibility falls on the issuing bank to handle payment complications. Therefore, 3D Secure authentication offers advantages not only to the customer, who benefits from the protection of their card information, but also to the merchant, who gains liability protection.
As merchants, however, it’s especially important to ensure you understand all of the rules and regulations related to 3D Secure implementation by reviewing the documentation provided by your issuer.
Chargeback & fraud protection
By shifting liability to the issuing bank, merchants aren’t at risk of receiving chargebacks. This means there’s no need to worry about chargeback fees and other pesky inconveniences associated with chargebacks. It can also help protect you from BIN attacks and credit card testing, identity theft, and other eCommerce-related fraud. Additionally, 3D authentication is a great way to protect your customers from fraud as 99.9% of the time cybercriminals don’t have access to personal devices.
3D Secure authentication also provides interchange benefits. This pricing structure allows merchants to negotiate lower interchange fees with their payment providers. And lower interchange fees mean higher profit margins!
As a merchant who processes card-not-present transactions, it’s of utmost importance to gain your customers’ confidence. With 3D Secure, you can offer your customers reliable protection for their online payments at your eCommerce site.
Disadvantages of 3D Secure
While there are certainly more advantages to enabling 3D Secure, the protocol doesn’t come without its drawbacks. The most obvious and non-detrimental downfall is that customers don’t like extra steps in the checkout process. The pop-up window feature, on the other hand, has been proven to be the platform’s biggest weakness. Let’s take a look at how pop-up window phishing scams are a potential threat to your business.
Pop-up window phishing scams
When fraudulent pop-up messages appear on a checkout screen, it’s easy to confuse what’s authentic and what’s not. Customers may assume that phishing scams are part of your 3D Secure protocol and fall victim to the scheme by inputting their personal information. Thankfully, a new version of the authentication protocol called 3D Secure 2.0 came out in April 2019, containing security enhancements that prevent phishing scams from happening.FastComet. “3D Secure 2.0: The Future of Digital Payment Security is Now“. Accessed November 17, 2023..
How to Set Up & Activate 3D Secure Authentication
To enroll in 3D Secure authentication, you’ll first need to open an eCommerce merchant account. In doing this, be sure to select a 3DS payment gateway offering compatible integration with your website. Thankfully, several payment gateways now include this as a standard feature, so you shouldn’t have trouble finding one that does!
FAQs About 3DS Authentication
How do I know if I’m 3D Secure?
If you’re unsure if your business is using 3D Secure, make sure to ask about 3D Secure when going over the features of your online payment gateway. You can always call your payment gateway provider and ask after the fact, but most gateways do include it.
For customers, you need to enroll in the program to activate it. You’ll know it works when you’re redirected to a pop-up window after proceeding to payment.
What available 3D Secure platforms are there?
The most popular examples of 3D Secure platforms are Mastercard SecureCode and Verified by Visa.
What is a Mastercard SecureCode?
A Mastercard SecureCode is a type of 3D Secure protocol. It’s a private code attached to a Mastercard credit card that offers an additional layer of online security to customers. Account holders and their financial institutions are the only ones with access to the private code.
What is Verified by Visa?
Verified by Visa works the same way as Mastercard SecureCode, just for Visa cardholders. It protects any Visa cardholder during the checkout process by asking for a PIN or password in a separate pop-up window.
- FastComet. “3D Secure 2.0: The Future of Digital Payment Security is Now“. Accessed November 17, 2023.