What is 3D Secure and how does it work?
3D Secure is an online anti-fraud security measure used by major debit and credit card issuers.
It might sound like just another ‘techy’ term that’s difficult to get your head around, but 3D Secure is really quite straightforward - and the likelihood that you’ve come across it before is quite high.
As you scroll down, you’ll realise that merchants and customers alike benefit from 3D Secure on a daily basis, as we explore some of the technicalities (without all the jargon!).
Quick Links:
> What is 3D Secure?
> What does 3D Secure stand for?
> How does 3D Secure authentication work?
> EU Payment Services Directive (PSD2) and Strong Customer Authentication (SCA)
> 3D Secure 2
> Why do we need 3DS2?
> How does 3D Secure affect my business?
> What are the benefits of 3D Secure for merchants?
> What are the benefits of 3D Secure for cardholders?
> Does 3D Secure prevent chargebacks?
> Getting started with 3D Secure
> FAQs
What is 3D Secure?
As outlined above, 3D Secure is an anti-fraud measure that acts as an additional layer of security during the card payment process online.
As the customer goes through your ‘online checkout’ to make a purchase, authentication is required. This is usually an additional step in the process - redirected to the card issuer’s 3D Secure page.
If you’ve ever shopped online, you’ll have seen it before.
It was first introduced by Visa in 2001, and has since been rolled out by other major card issuers, like Mastercard.
How does 3D Secure authentication work?
Once the customer is redirected to the secure page, the authentication element of 3D Secure can work in one of two ways:
- The customer is asked to enter a password that they’ll have set up with their bank previously
- The customer is asked to enter an authentication code sent directly via SMS to their mobile phone
If the information is correct, the customer is redirected back to the merchant’s online checkout interface. If the information is wrong - the authentication will be unsuccessful, which means that the card issuer can block the payment going ahead for security purposes.
On the other hand, once this authentication has been verified, the transaction can proceed. It’s quick, simple and (of course) secure!
EU Payment Services Directive (PSD2) and Strong Customer Authentication (SCA)
While 3D Secure has been a positive force for good, the industry as a whole has had to evolve in order to ensure consumers are always protected.
As far as 3D Secure is concerned specifically, the EU Payment Services Directive (which came into effect in January 2018) has placed stronger authentication requirements on all three parties involved in the 3D Secure process.
It’s something that merchants need to at least be aware of to ensure they remain compliant and help the authorities in their effort to reduce the number of fraud cases across the board.
This Strong Customer Authentication (SCA) process represents a step up from 3D Secure. Essentially, if the cardholder's bank deems the transaction risk to be ‘high’, the cardholder will be required to prove their identity in addition to the regular 3D Secure authentication process. This is known as a “challenge”.
3D Secure 2
On the flip side to the extra layer of fraud protection through the availability to “challenge” the cardholder - different types of improvements have been sought out to improve 3D Secure.
That’s where 3D Secure 2 (3DS2) comes in.
Addressing some of the main shortcomings of the original version of the concept, 3D Secure 2 enables businesses and their payment processing provider to send more elements of payment-specific data to the cardholder’s bank as the online transaction takes place.
Not only does this enable banks to more effectively determine the ‘risk’ of a transaction (as explained above), it also enables them to facilitate authentication quicker if necessary - without the need for customer input.
This not only makes the whole process much more secure, it also makes the customer experience better.
Why do we need 3DS2?
From a business perspective, there are a number of reasons why 3DS2 is becoming a necessity.
The first and obvious reason is compliance. Adopting 3DS2 is just one way your business is required to meet the remit for Strong Customer Authentication (SCA).
3DS2 is more secure - but also more efficient for the customer. If their bank is satisfied that the transaction isn’t fraudulent, the customer isn’t delayed in making their purchase with unnecessary authentication.
The benefits for merchants are also clear. Ecommerce businesses are much less subject to chargebacks as the liability for fraudulent transactions shifts from the merchant to the card issuers when transactions are authenticated.
Another key innovation that 3DS2 brings to the table is that it takes mobile experiences into account - providing customers with native in-app authentication. This means that advances in technology can be embraced much more readily during authentication, as the customer can verify their identity through biometric or facial recognition.
How does 3D Secure affect my business?
3D Secure has a very positive impact for online businesses - as it provides that extra layer of security against fraudsters.
Not only does this mean that your customers are more protected, it also enhances the trustworthiness and respect people have for your business.
Although many customers might find this extra step of authentication an inconvenience - most will understand that it’s there for the right reasons and in turn, feel more comfortable and confident about spending their money on your products and services.
What are the benefits of 3D Secure for merchants
Beyond the business impacts explained above, the key benefits for merchants specifically relate to the wider effort to reduce fraud.
With 3D Secure in place - the likelihood of criminal activity is instantly minimised. Not only does this make for safer payments, but it also reduces the number of
disputed transactions and chargebacks.
Not to mention, in most cases - 3D Secure doesn’t come at any additional cost for businesses with a payment gateway in place.
What are the benefits of 3D Secure for cardholders?
Again, increased security and protection against fraud is the primary benefit - but if you consider the customer’s mindset in general when making purchases you realise how much of a force for good 3D Secure can be.
It increases consumer confidence as it gives them peace of mind when shopping online. It’s also very easy to use and engage with.
Does 3D Secure prevent chargebacks?
3D Secure doesn’t necessarily prevent chargebacks - but having it in place reduces the number of disputed transactions.
For the most part, this is because of the significant liability shift we discussed above. Because the card issuer assumes part of the liability for the verification of transactions, the merchant is less responsible for handling reversals or disputed transactions - reducing chargeback ratio as a result.
So, although 3D Secure doesn’t guarantee a no-chargeback record - it can help your business to improve your overall chargeback ratio.
Getting started with 3D Secure
As mentioned above, there are usually no extra costs associated with adding 3D Secure to the mix as part of your online payment solutions.
If you want to talk more about your options, we’re more than happy to steer you in the right direction. Our online payment gateway solution includes security checks and 3D secure in the overall monthly package - so you can count on ensuring your customers can benefit from this extra layer of protection against fraud.
FAQs
Why is this extra layer of security being requested?
Payment service providers are required to deploy card issuer authentication of this nature for regulatory purposes - as enforced by the European Banking Authority.
How many attempts can I have?
This is subject to whoever the customer banks with - but the number of attempts is always limited for security purposes.
Can I opt out from using 3D Secure?
No - if the customer wants to make a debit or credit card purchase they will have to proceed through the 3D Secure authentication process, or find a different payment method altogether.