3D SECURE FREQUENTLY ASKED QUESTIONS

What is 3D Secure?

3D Secure is a security protocol designed to enhance the safety of online credit card transactions by verifying the cardholder’s identity. The “3D” represents its operation across three key domains: the issuer, the acquirer, and interoperability. Managed by EMVCo—a consortium owned by major credit card companies like Visa, Mastercard, American Express, Discover, JCB, and UnionPay—the protocol aims to reduce fraud in card-not-present transactions through improved authentication.

Why a New Specification Was Needed?

Although 3D Secure 1 has been widely adopted for over 17 years, the evolving market demands—especially with mobile and digital wallet integration—necessitated a new protocol. 3D Secure 2 was introduced to address these needs by focusing on new payment channels and improving security and performance to enhance user experience.

What Are the Key Improvements in 3D Secure?

3D Secure 2 moves beyond static passwords by incorporating dynamic authentication methods such as biometrics and token-based verification. It also uses risk-based analysis, evaluating detailed transaction data to determine when authentication is required. This approach simplifies the user experience by eliminating the need for cardholders to remember static passwords and reducing the risk of cart abandonment. Additionally, the protocol is optimized for mobile platforms and digital wallets.

What Are the Advantages of 3D Secure?

For Merchants: 3D Secure helps reduce cart abandonment rates by eliminating the need for cardholders to manually enter passwords. This streamlined process increases the chances of transaction completion and reduces lost sales opportunities.
For Issuers: The ability to gather and analyze comprehensive transaction data enables more accurate risk assessments, reducing fraud and chargebacks. This efficiency saves time and resources in dispute resolution.
For Cardholders: 3D Secure offers enhanced protection against credit card misuse by fraudsters, providing a faster and more seamless authentication experience compared to its predecessor.

How Do Frictionless Flow and Challenge Flow Differ?

3D Secure features two authentication processes:

Frictionless Flow: Allows issuers to authorize transactions without requiring additional input from cardholders. This is achieved through risk-based authentication (RBA), where transaction details are evaluated against historical data. If the risk is deemed low, the transaction is approved without further verification.
Challenge Flow: If the risk is high, additional verification is required from the cardholder. For details on Challenge Flow, including its operation and improvements, please contact us.

Is 3D Secure Used by All E-Commerce Websites?

The implementation of 3D Secure is optional for merchants but required in some regions like India and South Africa.

What Are the Liability Implications of Using 3D Secure?

Merchants using 3D Secure can benefit from liability shift, which protects them from chargebacks when authentication is attempted. However, support for this feature varies by card scheme and region. Mastercard began supporting liability shift in October 2018, while Visa’s adoption ranged from April 2019 to April 2020 depending on the merchant’s location.

Have You Used 3D Secure?

You may have encountered 3D Secure without realizing it if you’ve ever been asked to enter a password during an online transaction. Major credit card brands have their own versions of the protocol: Visa calls it “Verified by Visa,” Mastercard uses “Mastercard Identity Check,” and American Express offers “American Express SafeKey.” Despite the different names, all serve the same purpose under the unified 3D Secure protocol.