3D Secure Authentication is an online payments security protocol aiming to reduce fraud without interrupting the user experience. The 3D in 3D Secure Authentication stands for three domain model, including the Issuer (customer's bank), Acquirer (merchant's bank), and Interoperability domain within the online payments ecosystem. What 3D Secure Authentication offers is an elevated approach to securing online payments by implementing Strong Customer Authentication empowered by sophisticated authentication methods, including biometrics and push notifications.
The issue of fraudulent online payments was first addressed by Visa in 2001 when 3D Secure 1 was introduced. However, despite being a breakthrough piece of technology, the consumers were not satisfied with the user experience 3D Secure 1 offered. The authentication process usually consisted of numerous browser redirects and pop-ups, making the process look more like a fraud rather than a legitimate transaction. Also, in 2001 mobile payments were not a part of the online payments security scope. These, among other reasons, resulted in 3D Secure 2 – a more sophisticated approach to 3D Secure Authentication.
How does 3D Secure 2 Authentication work?
3D Secure payments carry a significant level of protection by demanding an additional authentication step. With the added authentication step, you're making sure that the user is the rightful owner of the credit card used to make the online purchase/transaction.
Common 3D Secure Authentication methods include push notifications, face recognition, fingerprint, and dynamically generated OTPs.
Thanks to richer data collection enabled by the new version of 3D Secure authentication, 3DS2 enables frictionless transactions. This means that transactions that are assessed as low-risk do not require additional authentication from the customer – powered by Risk-Based Authentication.
3D Secure 2 is not exclusively limited to payments. The 3D Secure Authentication model is also used for scenarios such as verifying credit cards when added to various e-wallets.
With the proliferation of mobile payments came the need to apply the 3D Secure Authentication model to mobile applications offering in-app purchasing. The 3DS SDK enables merchants to integrate 3D Secure Authentication into their mobile app, enabling a seamless checkout experience.
3D Secure 2 and Strong Customer Authentication (SCA)
The Strong Customer Authentication requirement makes 3D Secure 2 that much more important in case you're doing business in Europe. Since the SCA regulation demands additional authentication to be applied on European payments, 3D Secure 2 can prove to be the right solution to overcome the conversion issues while improving the user experience.
What makes 3D Secure 2 great is the ability to bypass SCA in certain scenarios – the SCA exemptions.
Your issuing bank automatically activates 3D Secure Authentication for issued cards. This makes you and all participating online merchants a part of the 3D Secure ecosystem. When shopping online at a merchant who is also a participant of 3D Secure, your card will be recognized, and your purchase will be protected by the 3D Secure protocol.
2. What's 3D Secure authentication?
3D Secure Authentication is an online payment security protocol aiming to reduce fraud without interrupting the user experience. The 3D in 3D Secure Authentication stands for three domain model, including the Issuer (customer's bank), Acquirer (merchant's bank), and Interoperability domain within the online payments ecosystem.
3. How do I know if my card is 3D Secure?
If you live in Europe, your card is automatically enrolled in the 3D Secure program. However, if you've yet to make an online purchase with your new card and would like to make sure that it is protected by 3D Secure, it is best to contact your issuing bank and check directly with them.
4. Which card issuers support 3D Secure?
3D Secure 2.0 is an online payment security protocol supported by Visa, Mastercard, Discover, American Express, and JCB International.
5. Is 3D Secure for online purchases only?
3D Secure authentication applies to online purchases only. The goal of the program is to verify the cardholder's identity, just as you would do with a PIN on an ATM or EFTPOS device, only remotely.
6. Is 3D Secure mandatory in Europe?
Although 3D Secure is not mandatory globally, all 44 countries in Europe are required to implement 3D Secure Authentication as an additional layer of protection for online payments under the PSD2 regulation.
Trides2: One stop shop for 3D Secure Authentication by ASEE