3-D Secure is a security measure designed to help protect merchants and cardholders from credit or debit card fraud in online purchases. 3-D Secure is essentially an additional layer of safety measures that sit in the payment chain for online transactions. With 3-D Secure, the cardholder may need to enter a One Time Pin (OTP) in order to complete the payment in card not present transactions. The aim of 3-D Secure is to ensure that a payment is made intentionally by the actual account holder and not by a bad actor.

Online shopping has seen a sharp rise in growth over the last two decades. And of course with this has come the sharp rise in growth of credit card fraud, leading to huge losses by banks and merchants. Banks, card networks and governments are constantly devising and implementing measures to tackle online fraud, and one of these is 3-D Secure. It was initiated originally by Visa and MasterCard, but is also used by the majority of debit and credit card issuers. It is a standard protocol that card networks, banks and payment partners use globally.

3-D Secure gets its name from the three domains that are involved in the online payment ecosystem:

  1. The Acquirer Domain – this is the merchants acquiring bank, where the payment from the transaction will eventually end up
  2. The Issuer Domain – this is the bank that issued the card to the consumer, from which the funds will be paid to the merchant
  3. The Interoperability Domain – this is the infrastructure and online systems that communicate and make up the rest of the transaction process, such as the payment processor, payment gateway, servers, and so on.

So how does 3-D Secure work? 

Firstly let’s look at a very simplified version of the payment process in an online transaction without 3-D Secure:

  • The cardholder enters the card information at the checkout stage on the merchant’s website, using the payment gateway.
  • The payment gateway talks to the payment processor.
  • The payment processor talks to the cardholder’s bank to see if there are funds available for the transaction.
  • If the funds are available they are then transferred to the merchant’s bank, and the cardholder is told that their payment has been approved. 
  • If the funds are not available then the payment gateway will tell the cardholder that the transaction has been declined.

Next let’s look at a very simplified version of the payment process in an online transaction using the 3-D secure protocol:

  • The cardholder enters the card information at the checkout stage on the merchant’s website, using the payment gateway.
  • The payment gateway talks to the payment processor.
  • The payment processor talks to a directory server to see if the card used is enrolled in the 3-D secure program at the issuing bank.
  • If the card is enrolled in the program the cardholder will be sent an OTP by email or text message to enter into the payment gateway to authorize the transaction.
  • If the authorization is successful, the payment processor will talk to the missing bank to see if there are funds available in the cardholder’s account.
  • If the funds are available they are then transferred to the merchant’s bank, and the cardholder is told that their payment has been approved. 
  • If the funds are not available then the payment gateway will tell the cardholder that the transaction has been declined.

What are the benefits of 3-D Secure?

There is no one solution to credit card fraud, but 3-D Secure has several advantages:

  • Reduced risk of fraud – although criminals are ever inventive, 3-D Secure significantly lowers the risk of true fraud.
  • Liability shift – merchants may avoid liability for chargebacks in the case of true fraud if the transaction was authenticated by 3-D Secure.
  • Fewer disputed transactions – chargebacks are costly and labor-intensive for merchants.
  • Customer confidence – customers who feel safe with an online seller are more likely to be repeat customers.

What are the disadvantages of 3-D Secure?

As with any system, there can be some drawbacks when using 3-D Secure:

  • False declines – occasionally legitimate transactions are declined.
  • Costs – as with any service the merchant will pay fees relating to the authentication and authorization process.
  • Customer friction –  the process obviously takes longer for the customer, and if service providers like SMS providers take too long to send the OTP the customer may abandon the sale. In addition, the customer may not understand the process, or the onscreen layout may not easily facilitate the entry of the required information. And in some cases the customer may not be tech-savvy and may not understand what is required of them in order to complete their transaction.
  • Only reduces instances of true fraud – other types of fraud such as friendly fraud are not affected by 3-D Secure and will continue to happen.
  • Subscription payments – these may be exempted from the authentication and authorization process.
  • Transaction limits – in some circumstances authorization may not be required for transactions under a certain value.

In some parts of the world, the implementation of 3-D Secure is a requirement for cardholders and merchants, by banks, card networks, or even by law. In other places, 3-D Secure is purely an opt-in service.

3-D Secure is a valuable tool in the fight against criminals. However, it is only one tool of many that can be used in the ongoing battle against chargebacks. Talk to us at Baer’s Crest about secure payment solutions for your business.