What is 3D Secure Authentication and How Does It Work

In today’s digital age, more and more consumers are shopping online. With that, it’s no longer possible for merchants to check ID or signature to ensure that the person making a purchase is who they say they are. This has led to a heightened need for security measures to protect both merchants and customers.

One solution to counter this problem is 3D Secure Authentication. 3D Secure acts as a fraud prevention solution with an added layer of security that helps protect buyers and merchants from fraudulent online transactions.

This article will discuss what 3D Secure Authentication is and how the 3DS authentication process works. We will also examine the benefits of using 3D Secure Authentication for merchants and provide some tips on implementing it at online checkout.

TL;DR

  • 3D Secure acts as an added layer of security that helps protect buyers and merchants from fraudulent online transactions.
  • It works by sending a one-time code that must be entered during checkout to complete the purchase.
  • Merchants benefit from reduced chargebacks, added security for customers, and adopting standards that meet the SCA regulations that allow them to transact worldwide.

What is 3D Secure (Secure 2.0) Authentication?

3D Secure Authentication is known by a few names. The EMV 3DS solutions by EMVCo are: Verified by Visa or Visa Secure, MasterCard SecureCode, Discover ProtectBuy, and American Express SafeKey. More generically, it may be referred to as 2.0 authentication or 3D Secure.

What it means, though, is three domains (3D). Those domains are;

  1. The issuing bank
  2. The retailer
  3. The 3DS (3D Secure) infrastructure platform that sits in between (Verified by Visa, etc.) those mentioned above.

Regardless of what you call it, all of these systems are based around the same underlying technology, and they each provide an extra layer of security when processing online payments. 3D Secure Authentication ensures that the person making the purchase is verified as the actual owner of the debit or credit card being used.

When a customer attempts to make a purchase on your website using their credit or debit card, 3D Secure will prompt them for additional information to confirm their identity. This could be a one-time password, a PIN code, or even facial recognition or other biometric verification. Once the customer has provided this additional layer of authentication, the card transaction will be allowed to continue.

The goal of 3D Secure Authentication is to provide an extra layer of security, making it harder for fraudsters or thieves to transact with stolen credit cards.

What Is the Difference Between 3D Secure and 2D Secure?

2D security is the old-school way to transact. If 3D is a three-domain process, 2D uses just two:

  1. The issuing bank
  2. The retailer.

Essentially, 2D is how it was done before. E.g., merchants had to manually validate that a customer’s card details were legitimate and their order was not fraudulent. A process that is never 100% sure.

3DS is the next authentication step to really combat illegitimate card-not-present transactions and use advanced technology to quickly and easily verify customers. Adding an additional authentication step (third domain) makes it incredibly difficult for fraudsters to process transactions with stolen cards.

3D Secure 1 vs 3D Secure 2

The original version of 3D Secure was released in 2001. It used a system that required customers to enter their card details on a separate website from the one they were trying to make a purchase from. When the purchase button was pressed, a redirect would occur, a new page would pop up, and users would have to enter their details there. This was a positive step forward at the time. But, naturally, these messy steps caused a great amount of pushback.

In 2015, Version 2 of 3D Secure was released as an improvement on the above system. This new version eliminates the need for customers to be redirected to a different website, creating a frictionless authentication flow on the same page. This makes it easier for both customers and merchants. Customers feel more comfortable with less friction. Thus, they are less likely to bounce off the site before completing their transaction.

Learn More

How Does 3D Secure Authentication Work?

At a high level, 3D Secure Authentication works by authenticating the customer’s identity before allowing a transaction to go through. This process typically involves a two-step verification procedure that requires additional information from the customer, such as a PIN or one-time password. The point is to limit static passwords and replace them with codes that only the cardholder can access.

3DS in action

  1. The customer adds items to their online shopping cart and proceeds to checkout. So far, the user experience is exactly as it would be on any eCommerce site.
  2. The merchant’s website will initiate a 3DS request with the customer’s card issuer on the payment page. This is the first step of the process, and it is handled directly between the merchant and the payment processor. The payment processor will send a request for authentication to the customer’s card issuer. The customer’s card issuer then sends back a response in real time with a status indicating whether or not the transaction should be allowed to proceed.
  3. If the authentication is successful, the customer will be prompted to enter additional information (i.e., a one-time password or PIN code) to verify that they are the actual cardholder.
  4. Once the customer has successfully entered the requested information, an authorization code will be sent back to the merchant. This will confirm that the customer’s identity has been verified and the transaction can proceed.
  5. The merchant completes the payment process, and the customer’s purchase is finalized.

Benefits of 3D Secure Authentication for Cardholders

The primary benefit of 3D Secure Authentication for cardholders is improved payment security. By giving cardholders an extra layer of verification and protection, they can feel more secure when making online purchases. Moreover, if cards are lost or stolen, the additional security layer provided by 3DS will alert the cardholder and limit the thief’s ability to use them.

Additionally, some banks may offer fraud protection services or refunds if a fraudulent transaction occurs while using 3D Secure. This provides another incentive for customers to use this technology.

Benefits of 3D Secure Authentication for Merchants

The primary benefit of 3D Secure Authentication for merchants is reduced liability and potential chargebacks. If a fraudulent transaction occurs, the card issuer may take responsibility instead of the merchant.

Given that 30% of chargebacks are requested due to a transaction being made from a stolen card, 3D secure can save a huge amount of time, money, and hassle.

There are several other benefits, too. Here are some of the most notable ones:

  • Improved Customer Experience: With improved security measures, customers will feel more secure making purchases from your business. This can result in increased customer satisfaction and loyalty.
  • Lower Processing Fees: Card issuers often offer lower processing fees for transactions made using 3D Secure Authentication. This means businesses can save money on each transaction.
  • Improved Brand Reputation: As customers become savvier to online security measures, they’re more likely to do business with companies that use 3D Secure Authentication. This can help businesses build a stronger brand reputation and attract more customers.

And, as mentioned:

  • Lower Risk of Fraud: By requiring additional customer information, businesses can reduce the risk of fraudulent transactions.
  • Reduced Chargebacks: Chargebacks are costly for merchants. By using 3D Secure Authentication, merchants can reduce their chargeback rates and ultimately save money.
  • Liability Shift: As mentioned, some card issuers may offer liability shifts if a fraudulent transaction occurs while using 3D Secure Authentication. This means the card issuer would be responsible for any losses instead of the merchant.

Overall, 3DS powers secure card payments so that businesses can protect themselves from fraud, improve security for customers and potentially save a great deal of time and money.

What’s Driving the Need for Strong Customer Authentication?

The technology industry and its capabilities move at a rapid pace. Alongside it, regulations and standards are constantly evolving to keep up. Strong customer authentication (SCA) mandates are being developed and applied across the world.

The EU’s PSD2

One of the most notable regulations driving the need for strong customer authentication is known as the European Union’s Revised Payment Service Directive (PSD2). This directive requires businesses to confirm customers’ identity when they enter a payment transaction using 2 or more factors. This is what’s commonly known as two-factor authentication (2FA) or multi-factor authentication (MFA).

The idea behind this new regulation is to protect customers from fraud and ensure that businesses have secure payment methods. 3D Secure 2 (3DS2) meets the criteria for PSD2.

Australia’s SCA Regulation

Australia has adopted similar strong customer authentication regulations. The Australian Payments Network (AusPayNet) mandate requires merchants to use a 3D Secure system of either two-factor authentication (2FA) or multi-factor authentication (MFA).

2FA is a process that requires customers to enter two pieces of information (e.g., a password and an OTP or a one-time PIN) to verify their identity when entering payment transactions. An example of 2FA would be entering a password and then being sent an OTP via SMS.

MFA is similar but requires customers to enter three pieces of information instead of two. An example of MFA would be entering a password, answering a security question, and then being sent an OTP via email or text.

As transactions transcend borders, regulations in one part of the world have great impacts on others. With the US a major market in global payments, the adoption of 3D Secure and the need for Strong Customer Authentication are expected to grow exponentially over the coming years.

3DS Beyond eCommerce

As 3D secure technology has become more widespread, it’s being adopted for applications outside of just eCommerce transactions. For example, many acquirers (banks), like JCB, are using 3DS to authenticate customers when they access their online banking services. With the high risk of fraud a serious issue for banks and customers alike, this is an effective way to protect both parties.

In travel and hospitality, 3DS is being used to verify customers’ age or identities. Even when signing up for newsletters or other free services, 3DS is being used to confirm the user’s identity and ensure malicious data mining efforts are thwarted.

How To Set Up 3D Secure Payment Authentication

Setting up 3D Secure payment authentication for your business is relatively straightforward and can be done in just a few steps.

  1. Contact Your Payment Processor: The first step is to contact your payment processor and ask if they provide 3D Secure Authentication services.
  2. Enable 3DS on Your Website: Once you’ve determined your payment processor is compatible with 3DS, you’ll need to enable the service on your website.
  3. Set Up Your Payment Gateway: Through your payment processor, you will need to set up a payment gateway API that supports 3D Secure Authentication.
  4. Implement Security Protocols: Finally, you’ll need to adhere to the security protocols associated with 3D Secure. This means implementing two-factor authentication, encryption, and tokenization measures to ensure that all customer data is securely stored and processed.

What Role Do Encryption and Tokenization Play in 3D secure?

Encryption and tokenization are two key components of 3D secure that help ensure customer data remains protected.

Encryption is the process of scrambling data (such as card numbers) using an algorithm, making it unreadable to anyone who does not have access to the encryption key. This ensures that even if the data points are intercepted or stolen, they cannot be viewed without the key.

Tokenization is then a process applied to securely store data. Instead of storing sensitive customer information, like payment and personal details, in a database, tokenization replaces the data with randomly generated “tokens.” This way, even if someone were to gain access to your system, they wouldn’t be able to make use of the data, as the tokens are meaningless without the corresponding encryption key. Tokenization is essential for 3D Secure systems, as it ensures customers’ personal information remains secure during payment transactions.

Conclusion

3D secure payment authentication is an important security measure that helps protect businesses and customers alike from fraud. By implementing 3DS2 solutions, businesses can ensure that customer data is securely stored and protected from malicious actors. Customers feel safer, and merchants are in a prime position to transact globally, adhering to the standards of other regulated markets.

Request a Quote