3-D Secure is a protocol designed to reduce fraud and chargebacks during e-commerce transactions. It allows card issuers to provide an extra level of protection, by authenticating cardholders at the point of sale (e.g. with a secret password or biometrics) if the payment is deemed high risk.
What are the advantages?
- Reduces the likelihood of fraudulent transactions from being completed.
- In the event of a dispute with the transaction at a later date, the card issuer will take financial responsibility for the chargeback in most instances*.
*The liability issues associated with 3-D Secure transactions lie outside the scope of this guide. For further info, please refer to our question on the liability shift in our FAQs.
What does the customer see?
After the customer has entered their card details, checks are performed behind-the-scenes using metadata made available by their browser. In most cases, the transaction is deemed low-risk, and the customer will briefly be shown a holding message before the payment is processed (without needing to enter further information).
Alternatively, in cases where the customer is deemed sufficiently high-risk, they will be displayed an overlay for authentication, hosted by the Access Control Server (ACS), where they will be prompted to verify their identity (e.g. through biometrics, such as a finger-print reader, or by entering a PIN).
If authentication is successful, the transaction will be processed.
Most e-commerce merchants will already have 3-D Secure version 1 enabled on their site reference(s).
To upgrade your existing 3-D Secure version 1 implementation on your test site reference(s) to version 2, please contact our Support Team.
To check if your live site can be upgraded to enable 3-D Secure version 2, please contact our Support Team.
The 3-D Secure 2.0 protocol introduces support for the seamless transmission and checking of a richer set of metadata and session data during the transaction, allowing the majority of payments – which are deemed low risk – to be processed without interrupting customers to perform authentication. Authentication is instead only performed on the minority of payments that are deemed high risk. This reduces the time that the average consumer takes to complete a transaction.
Rather than purely relying on PIN or passwords that the customer may struggle to remember, authentication can now be performed by biometrics (fingerprint / facial recognition) or sending a code to a customer’s mobile device. This makes it easier for your customers to complete payments and ultimately reduces shopping cart abandonment.
3-D Secure has been updated to provide comprehensive support for modern mobile devices, simplifying the authentication process for all customers, regardless of the type of device used to process the payment.
In addition to reducing the likelihood of fraudulent transactions, in the event of a dispute with the transaction at a later date, the card issuer will take financial responsibility for the chargeback in most instances.
Note: The liability issues associated with 3-D Secure transactions lie outside the scope of this guide.
For further information, please refer to our question on the liability shift in our FAQs.
Fraud checksAVS and security code checks