3D Secure Authentication Technology in a Nutshell
The opportunity to make card transactions online has simplified our lives but made online fraud as common as never before. The current trends show that fraudulent transactions will achieve $38.5 billion by 2027. Integrating 3D secure authentication was a necessary measure to protect online transactions even more. One extra password integrated with this technology has changed payment protection forever.
Read on to explore what is 3D secure, what stands behind the history of its creation and enhancements, learn how it works, and what are its benefits for e-commerce.
3D Secure Technology: How It Started?
Online payments, although on the rise, are in dire need of protective measures. And Visa, the largest payment card services corporation, is what stands behind the 3d-secure mechanism. Visa wasn’t involved in the development but was the first company to introduce such a protection option. Celo Communications released the initial version in 1999. The updated version of the 3ds validation prototype was introduced between 2000-2001.
At that time, payment with a 3D secure credit card required the user to enter the static security code during the checkout, and the bank should have verified the code. It significantly boosted the safety of online payments, but it’s not the year when the development stopped.
Evolution From 3D Secure to 3D Secure 2.0
2001 is when the technology was established. It was shown to the general public under the Visa brand and was initially called as Verified by Visa. Since then, the major card brands and online banks have started to adopt the 3DSecure protocol:
-
Mastercard - SecureCode;
-
Discover - Protect Buy;
-
JCB - J/Secure;
-
American Express - American Express SafeKey;
-
UnionPay - UPOP.
3d secure solution gained worldwide adoption, with mobile support released in 2011. There were many issues to be solved in the technology, and the release of 2.0 version in 2014 made that happen. Its key features were:
-
Risk assessment prior to verification;
-
Biometrics and OTP integration;
-
Cross-platform compatibility;
-
Support of QR codes and contactless payments.
All the major brands who already used 3ds authentication protocol started to integrate these features. In 2020, 3ds secure technology became the established industry standard for online payments.
3Ds Authentication: How It Works?
The essence of this security protocol is to connect financial authorization with online authentication. 3D Secure is based on a domain model, this is where the ‘3Ds’ in its name comes from. These three participants are the merchant domain, the bank domain, and the scheme (card networks).
When a user makes a payment online, the technology redirects them to a cardholder website for authorization. After that, the user should comply with the credit card 3d verification requirements (enter a static password or OTP). If the received data is correct, the transaction is allowed. The protocol sends messages in XML format over SSL channels to ensure client authentication.
It was a basic description of how a 3D secure credit card works. The protocol implementation in different card providers varies, but the differences mainly lie in technical specifications.
3Ds Authentication Step-By-Step
Here is a more detailed breakdown of the 3d secure verification flow:
-
Transaction initiation. The customer visits the merchant's website, selects goods or services, and proceeds to checkout. This is where the card information (card number, expiry date, cardholder name, etc.) is entered. The server defines whether the transaction supports 3Ds or not and sends a request to the bank;
-
Redirection to 3-d secure page. In this step, identity verification is required. Sometimes, verification can be processed via a pop-up window or in-app page. The cardholder has to enter the card password, OTP, or use biometrics (face or fingerprint recognition) for verification;
-
Issuer verification. The information entered by the user needs to be verified by the bank or payment system. The response is sent to the merchant’s bank and the merchant itself. The transaction is approved if everything is okay. If it fails, the user is offered to try 3ds payments again;
-
Transaction validation. After that, the customer is redirected to the merchant's website and can finish the purchase and check the details.
All these requests and redirects are instant, so the verification process with a 3D secure card is smooth and fast.
3Ds — the Technological Basis
There are a lot of small processes and technologies under this protocol, ensuring the process is effective and smooth. Check the work process and technical aspects below:
-
Enrollment and participation. The business’ server defines whether the cardholder bank is enrolled in the 3Ds program. All domains communicate via the encrypted protocol to accept/decline the transaction request;
-
Risk assessment. Since 2016, there has been a Risk-Based Authentication, analyzing the transaction context and its prospective security level. It’s based on device, user behavior, and transaction history;
-
Authentication methods. Plenty of verification methods can be used, based on user preferences or bank policies. These are static passwords, OTP sent via SMS or messengers, fingerprints, or facial recognition;
-
Data encryption. The requests and information exchange between the issuer, acquirer, and the scheme are provided via XML messages and various cryptographic keys sent via secured channels;
-
Transaction reports. The merchant server and the issues store the information about the last authentication processes. It can be accessed by the user and employed for dispute resolution.
The process of authentication with a 3ds credit card may only seem difficult, complicated, and time-consuming. In practice, it all takes minutes or even less.
3Ds And Its Role in Online Transactions
There are plenty of risks associated with CNP (card not present) transactions. And 3D Authentication remains to be the most effective measure taken against online payment fraud. All European countries have even made it mandatory for all businesses. The additional layer of authentication for credit and debit card transactions does even more than just allow users to feel protected.
The Ways Businesses And Customers Can Benefit From It
Even though 3 d secure verification is optional in many countries, both merchants and users opt for processing payments with it. These are the key benefits of this technology:
-
The risk of fraud is minimized. Consumers aren’t likely to face financial losses from fraud, and merchants are sure that malefactors won’t use stolen cards for making purchases, resulting in fewer fraud-related expenses or chargebacks;
-
Customers' confidence increased. Many people are still uncertain about online purchases, so the Verified by Visa or Mastercard SecureCode logo acts as a sign of 3d secured credibility;
-
Overall user experience gets better. This technology is compatible with all mobile devices and browsers, ensuring users can make payments anywhere and anytime. The fast loading speeds make the payment process seamless and instant;
-
The percentage of sales grows. There will be fewer abandoned carts with 3Ds technology implemented. Dynamic passwords don’t need to be remembered, so customers face fewer denials during verification and complete their purchases.
Every benefit is rooted in the core feature of 3ds cards: superior safety.
3Ds vs Other Authentication Options
There are several payment authentication methods used for CNP transactions, but 3ds verification remains the most common one, due to its multi-layered nature. Other methods like PIN codes, address verification, and CVV codes require only one step to be made by the user, not guaranteeing a decent protection level.
Main Differences And Advantages of 3D Card Verification Over Other Methods
Here’s a brief comparative analysis of popular authentication methods applied in payment systems:
-
Address Verification Service (AVS). This technology verified whether the cardholder's address matches the one on the credit card. Unfortunately, this option doesn’t verify the cardholder's identity, and system errors may influence its effectiveness. Unlike 3D Secure, AVS has to be combined with other verification options like CVV/CVC2 codes;
-
PIN code. This is the static code the cardholder sets to authorize transactions. If the PIN code is strong, it provides a decent level of security. But if someone steals it, they can do any action with a stolen card. 3D Secure offers entering an OTP, making unauthorized access almost impossible;
-
CVV and CVC codes. These codes are usually printed on the back of credit and debit payment cards and used as a basic verification measure. Again, if the card is stolen, the customer and merchant aren’t protected from fraud. It’s possible to change settings in mobile banking and make CVV/CVC codes dynamic, but the effectiveness of these codes will still be far lower than that of 3D Secure.
As you see, all these verification methods are one-step ones, whereas 3Ds is a multi-layered and more dynamic process that analyzes the risk level to adapt the available authentication methods and offer the most effective one.
Errors And Issues With 3Ds: How To Solve Them?
Even such systems like 3d secure can fail at times. The transaction may decline or your authentication may fail due to various reasons: you entered the wrong information or the OTP doesn’t match the one sent by the bank. Here are key solution methods to be used:
-
Double-check the card details you entered;
-
Try to pass authentication again or use another method;
-
Make a purchase in another browser;
-
Contact the cardholder to define the nature of the problem.
There can be some technical errors on the cardholders’ or merchants’ side that should be solved by them.
How To Enroll to 3D Secure?
If you own a Visa 3D Secure, you don’t need to do anything to activate it, as it happens automatically. But sometimes you’ll have to do it manually:
-
Contact the card issuer. They’ll tell you whether the card supports 3Ds technology and how to check if it's enabled;
-
Log in to your mobile banking. Locate the Settings section and find anything related to the technology there. It’s usually referred to as Verified by Visa, Mastercard Securecode, Protect Buy, etc.;
-
Follow the prompts. Enter the personal information to verify yourself and choose the authentication method to be used for future transactions. Confirm the action, and you’re done.
Now you can go shopping online and test the protection capabilities of this tech in action.
How To Know If 3Ds Is Enabled?
If you aren’t sure that your credit or debit card supports 3d secure, here are a few fast ways to check it:
-
Visit the cardholder website and find such information;
-
Try to make a payment online and see if you get redirected to the authentication page;
-
Contact the bank or payment system customer service and ask them about it.
Visa, Mastercard, American Express, and other major card and online payment services provided integrated 3D sec long ago. If you have a card issued by them, this technology is certainly integrated.
Where Could 3Ds Be Employed: Examples
3D Secure authentication is effective in different scenarios besides e-commerce and can be applied almost to any type of online payment. Here are the most popular usage examples:
-
Ecommerce transactions;
-
Recurring payments in subscription-based services;
-
Booking tickets, cards, and hotels in the travel industry;
-
Online banking and financial services;
-
Online gaming platforms.
The ways to use 3Ds will go far away from those mentioned above. Anything you purchase or pay for online is likely to be protected with 3Ds solutions.
The Future of 3Ds
It may seem that this technology is at its peak now and all the possible protective measures and mechanisms are already integrated into it. But there are a few prospects of 3d secure that’ll be implemented in the near future.
First of all, the 2.0 version of the protocol will soon become widespread and even mandatory in certain countries, especially in Europe. Second, the capabilities of AI will be used to improve the existing risk-based transaction assessment and adaptive authentication. Third, even more measures will be taken for user protection, considering the growing number of payments made via smartwatches and other wearable devices.
Compliance With Laws And Regulations
The acuteness of the issues with data security worldwide gave rise to the development of various laws regarding data protection. That is why it’s obligatory for merchants, banks, and financial institutions to know the regulations and meet them to protect users’ data. These are:
-
Payment Services Directive 2 (PSD). It’s a European set of standards for ensuring payment protection security, including Strong Customer Authentication (SCA) and Transaction Risk Analysis (TRA).
-
General Data Protection Regulation (GDPR). This regulation defines how customers' data should be collected, stored and used.
-
Payment Card Industry Data Security Standard (PCI DSS). This standard regulates the encryption of information during transactions and after it’s processed.
3D verification technology complies with all the strictest requirements stated in all these laws ensuring the safety and security of information. No matter where you pay with 3Ds, legal compliance is guaranteed.
Bottom Line
The introduction of 3Ds technology by Visa was a breakthrough in the way CNP payments are protected. Moreover, that was the best solution payment companies made to combat the rising problem of online fraud. Although there were many changes and innovations associated with this technology, the current version 2.0 we use now is not the final solution since more serious cyber threats are emerging. Be sure that we’ll see another revolution in the digital payment landscape made by 3Ds evolution.
FAQ
What is 3D Secure?
This is a encryption protocol for protecting debit and credit card transactions released by Visa.
What is 3d Secure Authentication?
It’s a process during which the customer proves they are who they say they are via OTP or biometrics.
What is 3Ds Verification?
This is a step that aims to confirm the user's identity to approve further transactions.
What is a 3D Secure credit card?
It’s a card supporting a 3Ds technology and allowing you to pay safely.
What is a 3Ds Visa?
Verified by Visa, or 3D Secure Visa is an implementation of 3D protocol for payment safety.
What is 3D Secure payment?
This is a transaction made via 3Ds protocol.
How does 3D Secure work?
Such a payment redirects users to an authentication page where they are required to submit an OTP or use another verification method to prove their identity. Only after it’s successful, the payment is processed.
What if 3Ds Authentication failed?
You can try again after refreshing the page or contact your financial institution support to solve this problem.
How do I fix 3Ds Authentication failed?
Initiate the transaction process again in another browser or device. If the problem is on the bank side, contact support.
How to activate a 3Ds Visa?
When you issue a card in the payment system supporting this protocol, it’s activated automatically. If it doesn’t happen, request an enrollment guide from customer support.
How do I know if my card is 3D Secure?
Search for this information on the bank’s website or your mobile banking. 3Ds logos at the site footer mean it’s supported. Contact the card issuer if no information is stated there.
Which credit cards use 3Ds?
All major card providers like Visa, Mastercard, JCB, American Express, and others issue cards supporting this technology.
Do all credit cards have 3D Secure?
Not all existing cards accept this technology, so check this information with your card provider.
How do I enable 3Ds?
Follow the instructions in mobile banking or website to make your credit card 3d secure.