What is 3D Secure and how does it work?


3D Secure is an online anti-fraud security measure used by major debit and credit card issuers.

It might sound like just another ‘techy’ term that’s difficult to get your head around, but 3D Secure is really quite straightforward - and the likelihood that you’ve come across it before is quite high.

As you scroll down, you’ll realise that merchants and customers alike benefit from 3D Secure on a daily basis, as we explore some of the technicalities (without all the jargon!).

What is 3D Secure?

As outlined above, 3D Secure is an anti-fraud measure that acts as an additional layer of security during the card payment process online.

As the customer goes through your ‘online checkout’ to make a purchase, authentication is required. This is usually an additional step in the process - redirected to the card issuer’s 3D Secure page.

If you’ve ever shopped online, you’ll have seen it before.

It was first introduced by Visa in 2001, and has since been rolled out by other major card issuers, like Mastercard.

Card with securely locked padlock

People sitting around a table looking at documents

What does 3D Secure stand for?

If you break each part of the term down - it stands for 3 Domain Secure.

The three ‘domains’ are essentially the three parties involved in the process.
This includes the following:

  • The vendor
  • The acquiring bank
  • The card issuer

How does 3D Secure authentication work?

Once the customer is redirected to the secure page, the authentication element of 3D Secure can work in one of two ways:

  • The customer is asked to enter a password that they’ll have set up with their bank previously
  • The customer is asked to enter an authentication code sent directly via SMS to their mobile phone

If the information is correct, the customer is redirected back to the merchant’s online checkout interface. If the information is wrong - the authentication will be unsuccessful, which means that the card issuer can block the payment going ahead for security purposes.

On the other hand, once this authentication has been verified, the transaction can proceed. It’s quick, simple and (of course) secure!

Two people looking at a desktop monitor

Gold card payment on a keyboard

EU Payment Services Directive (PSD2) and Strong Customer Authentication (SCA)

While 3D Secure has been a positive force for good, the industry as a whole has had to evolve in order to ensure consumers are always protected.

As far as 3D Secure is concerned specifically, the EU Payment Services Directive (which came into effect in January 2018) has placed stronger authentication requirements on all three parties involved in the 3D Secure process.

It’s something that merchants need to at least be aware of to ensure they remain compliant and help the authorities in their effort to reduce the number of fraud cases across the board.

This Strong Customer Authentication (SCA) process represents a step up from 3D Secure. Essentially, if the cardholder's bank deems the transaction risk to be ‘high’, the cardholder will be required to prove their identity in addition to the regular 3D Secure authentication process. This is known as a “challenge”.

3D Secure 2

On the flip side to the extra layer of fraud protection through the availability to “challenge” the cardholder - different types of improvements have been sought out to improve 3D Secure.

That’s where 3D Secure 2 (3DS2) comes in.

Addressing some of the main shortcomings of the original version of the concept, 3D Secure 2 enables businesses and their payment processing provider to send more elements of payment-specific data to the cardholder’s bank as the online transaction takes place.

Not only does this enable banks to more effectively determine the ‘risk’ of a transaction (as explained above), it also enables them to facilitate authentication quicker if necessary - without the need for customer input.

This not only makes the whole process much more secure, it also makes the customer experience better.

Why do we need 3DS2?

From a business perspective, there are a number of reasons why 3DS2 is becoming a necessity.

The first and obvious reason is compliance. Adopting 3DS2 is just one way your business is required to meet the remit for Strong Customer Authentication (SCA).

3DS2 is more secure - but also more efficient for the customer. If their bank is satisfied that the transaction isn’t fraudulent, the customer isn’t delayed in making their purchase with unnecessary authentication.

The benefits for merchants are also clear. Ecommerce businesses are much less subject to chargebacks as the liability for fraudulent transactions shifts from the merchant to the card issuers when transactions are authenticated.

Another key innovation that 3DS2 brings to the table is that it takes mobile experiences into account - providing customers with native in-app authentication. This means that advances in technology can be embraced much more readily during authentication, as the customer can verify their identity through biometric or facial recognition.

How does 3D Secure affect my business?

3D Secure has a very positive impact for online businesses - as it provides that extra layer of security against fraudsters.

Not only does this mean that your customers are more protected, it also enhances the trustworthiness and respect people have for your business.

Although many customers might find this extra step of authentication an inconvenience - most will understand that it’s there for the right reasons and in turn, feel more comfortable and confident about spending their money on your products and services.

What are the benefits of 3D Secure for merchants

Beyond the business impacts explained above, the key benefits for merchants specifically relate to the wider effort to reduce fraud.

With 3D Secure in place - the likelihood of criminal activity is instantly minimised. Not only does this make for safer payments, but it also reduces the number of
disputed transactions and chargebacks.

Not to mention, in most cases - 3D Secure doesn’t come at any additional cost for businesses with a payment gateway in place.

Locked Padlock

Green shield with green tick

What are the benefits of 3D Secure for cardholders?

Again, increased security and protection against fraud is the primary benefit - but if you consider the customer’s mindset in general when making purchases you realise how much of a force for good 3D Secure can be.

It increases consumer confidence as it gives them peace of mind when shopping online. It’s also very easy to use and engage with.

Does 3D Secure prevent chargebacks?

3D Secure doesn’t necessarily prevent chargebacks - but having it in place reduces the number of disputed transactions.

For the most part, this is because of the significant liability shift we discussed above. Because the card issuer assumes part of the liability for the verification of transactions, the merchant is less responsible for handling reversals or disputed transactions - reducing chargeback ratio as a result.

So, although 3D Secure doesn’t guarantee a no-chargeback record - it can help your business to improve your overall chargeback ratio.

Locked padlock with phone receivers around it

Getting started with 3D Secure

As mentioned above, there are usually no extra costs associated with adding 3D Secure to the mix as part of your online payment solutions.

If you want to talk more about your options, we’re more than happy to steer you in the right direction. Our online payment gateway solution includes security checks and 3D secure in the overall monthly package - so you can count on ensuring your customers can benefit from this extra layer of protection against fraud.


Why is this extra layer of security being requested?

Payment service providers are required to deploy card issuer authentication of this nature for regulatory purposes - as enforced by the European Banking Authority.

How many attempts can I have?

This is subject to whoever the customer banks with - but the number of attempts is always limited for security purposes.

Can I opt out from using 3D Secure?

No - if the customer wants to make a debit or credit card purchase they will have to proceed through the 3D Secure authentication process, or find a different payment method altogether.

Financial disclaimer:

Terminal hire contracts are provided by Merchant Rentals Limited, who is authorised and regulated in the UK by the Financial Conduct Authority (FCA) for Consumer Hire under FRN 720500. Terminal hire can be for consumer hire and non-regulated hire contracts. Please check your contract carefully for details. Regulation of all consumer hire fall under the control of the FCA.

Handepay Ltd is authorised and regulated by the FCA for Consumer Credit under FRN 673564. Handepay is a credit broker for consumer hire not a lender.

Handepay acts as an introducer of card acquiring services on behalf of EVO Payments UK, the card acquiring service provider. EVO Payments UK is the trading name of EVO Payments UK Ltd, a payment institution that is authorised and regulated by the Financial Conduct Authority (FRN number 959332).

Existing Cards Businesses- The one-month rolling terminal hire contract from Merchant Rentals is only available to businesses that are switching from their current acquirer to EVO Payments UK arranged through Handepay.

New to Cards Businesses- The 12-month terminal hire contract from Merchant Rentals is only available to businesses that are new to card payments and wish to receive acquiring services from EVO Payments UK, arranged through Handepay.

The Next Day Banking Settlement service provided by EVO Payments UK incurs an additional fee of £4 a month on top of your acquiring service charges and fees. Provided your card machine performs a reconciliation before 12am (midnight), you’ll receive settlement of funds the next banking day.

Editorial disclaimer:

The information we provide does not constitute financial advice and might not apply to your business. Always carry out research into your business’ needs when choosing a new merchant services provider.

Sometimes, we link to other third-party websites to provide you with additional information. At the time of publication, we consider the information accurate, however, we do not have control over their content and are not responsible if any information on these websites change.

The products we display on our website are for illustrative purposes only - if your business requires additional facilities, you may receive a different model than advertised.

All of the information contained on this website, including fees, services and functionality, are correct at time of publishing. E&OE.