3D Secure is a security protocol that is designed to provide an additional layer of security for online credit card and debit card transactions. This protocol was created by Arcot Systems (now CA Technologies) and was first used by Visa to provide improved security for Internet payments.
It’s likely that you have heard of programs such as Verified by Visa, MasterCard Secure Code, J/Secure, and American Express SafeKey. These payment security services are based on 3D Secure.
How Does 3D Secure Work?
The name 3D comes from the three-domain model used to provide the additional layer of secure authentication between the financial authorization process and online authentication process. The three domains used to provide this security are:
- Acquirer Domain: The bank and the merchant receiving the transaction payment.
- Issuer Domain: The bank that issued the credit or debit card used for the transaction.
- Interoperability Domain: The infrastructure provided for the card that’s used to support the 3D Secure protocol.
3D Secure uses XML messaging and SSL communication to secure and authenticate transactions.
As a merchant, it’s important that you understand how 3D Secure impacts the customer transaction process.
- After completing the checkout process, customers paying with Visa or MasterCard are prompted to enter their Verified by Visa or MasterCard SecureCode
- The customer is then either redirected to the issuer’s website for authorization, or the authorization is completed within your payment solution.
If your customer is using an American Express, Discover card, or gift card, they are not prompted to enter a password.
If your customer is not enrolled in Verified by Visa or MasterCard SecureCode, the customer is prompted to enroll and create a password. The cardholder can decline registration, but when the customer reaches the maximum number of opt-out occurrences, the customer is no longer given the option to opt-out. The maximum number of opt-out occurrences is up to the credit card issuer, and the actions taken after the maximum is reached are also up to the credit card issuer.
It’s important to note that as a merchant you can decide which transactions require 3D Secure authentication. For example, you might identify high-risk transactions with your payment solution’s rules engine and then decide to further secure these transaction with 3D Secure.
What Are the Benefits of Using 3D Secure?
3D Secure offers merchants the following benefits:
- Liability shift: As you know, when a chargeback occurs, you’re typically liable for this transaction. With 3D Secure, the liability is shifted from you onto your issuing bank. Note: it’s important you review all documentation provided by your issuer to ensure you understand the rules and regulations regarding 3D Secure implementation.
- Chargeback protection: When you use Verified by Visa, you’re guaranteed to never receive a chargeback. This protection helps secure you against friendly fraud or chargeback fraud. Note: MasterCard does not have a similar policy.
- Interchange benefits: You may be able to access lower interchange fees and benefit from longer payment terms with your acquirer.
- Customer confidence: As a CNP merchant, customer confidence is critical. Many customers will feel more confident knowing there is an extra level of security in place to protect their data.
What Should I Tell Customers about 3D Secure?
It’s important to remember that while customers do want assurances that their transaction and data are secure, they also do not like extra confirmation steps and passwords. This means you must make sure you clearly explain that you are using 3D Secure (Verified by Visa or MasterCard SecureCode) to provide them with extra protection.
Provide some clear information in the early stages of the checkout process that explains the 3D Secure process in simple terms, to allow the customer to be prepared for the extra authentication step.
Remind the customer that this extra security is free of charge and that there aren’t any additional fees hidden within the overall transaction. Provide a link that gives the customer more information about the program. Additionally, make sure the Verified by Visa or MasterCard SecureCode logo is clearly displayed.
How Can I Learn More about 3D Secure?
Read the documentation provided to you by your credit card issuer, and do not hesitate to ask them any questions you have.
Also, we suggest you browse the Verifi website and learn more about new device technology and the future of password authentication.
We welcome you to contact us with your questions about 3D Secure, and how to best ensure that your business and customers are protected from malicious and fraudulent activity.