3-D Secure: Everything Merchants Should Know

October 7, 2021

With eCommerce continuing to grow exponentially as more and more consumers opt for shopping from the comfort of their home and/or phones, online credit card transactions are as natural as throwing the cashier a twenty for some gas.

But with more transactions comes more opportunities for theft and fraud, and so coupled with this meteoric rise is an equally impressive wave of security and payment inventions that facilitate this boom and mitigate against bad players.

Cardmember associations such as VISA and Mastercard spend enormous energy developing new technologies for more secure and convenient transactions, and one of those mechanisms is known as 3-D secure. This is an XML-based protocol that improves data exchanges between acquiring banks and issuing banks and offers increased transaction protection.

3-D secure is fairly common these days, with many merchant services providers offering or supporting it in their payment gateways, although the latest version which was released in 2015 isn’t as widespread yet.

Today we’re going to dig into a bit more about what 3D secure is and how you should use it in your business.

What is 3D secure?

3-D Secure is a global VISA authentication solution designed to make eCommerce transactions more secure and reduce fraud.

Originally created by Mastercard and VISA, 3-D Secure is commonly known as “MasterCard SecureCode” or “Verified by Visa”.

So anytime you’ve come across that language (e.g. 3-D Secure verification failed), that’s referring to the 3-D Secure authentication system. 3-domain structure is also used from time to time.

In VISA’s own words, 3-D Secure, “Provides an additional layer of security for eCommerce transactions prior to authorization. It enables the exchange of data between the merchant, card issuer and, when necessary, the consumer, to validate that the transaction is being initiated by the rightful owner of the account.”

In other words, it is a specific protocol to mitigate against “card-not-present fraud”.

According to VISA, 1.2 billion card not present purchases are denied each year and half of all eCommerce declines are legitimate, so the latest version (2.0) of 3-D Secure aims to improve the accuracy of legitimate fraud alerts while making sure the right users can easily buy from the comfort of their phone or internet device.

This PDF from VISA goes talks a bit more about this.

That data exchange during the authentication process is where all the magic happens. By comparing information like past buying habits, shipping location, and device type, the issuing banks (banks like Chase) can better communicate and verify transactions with the merchant.

What’s actually happening during 3-D Secure

If your system has 3-D Secure, then the process that occurs is a bit like this:

  • The customer enters their payment information either from a phone or computer.
  • Your customer) sees a 3-D Secure page and has to follow an authentication prompt by entering a PIN or password (SMS text messages and one-time passwords are also common now).
  • Your system, the acquiring bank, and the issuing bank exchange encrypted information to accurately verify a customer’s identity and fires back an acceptance or declination.
  • The customer receives a notification of being accepted or denied.

Business benefits of 3-D Secure

Most of you should already be supporting 3-D Secure, but there are even more benefits for upgrading to version 2.0.

Blanket benefits of 3-D Secure

  • Fewer people abandon carts due to denials, which leads to more revenue.
  • Fewer chargebacks and labor losses due to fraud.
  • Reduced liability. If a fraudulent transaction is verified through 3d secure, the liability shifts the acquiring bank instead of the retailer.

Specific business benefits for 3-D Secure version 2.0:

  • Support fingerprint or face ID authentication.
  • Authentications can be so seamless the customer doesn’t realize they occur.
  • Increased payment flexibility across devices.
  • Improved messaging with supplementary information for better decisions on authentication
  • Non-payment user authentication,
  • Non-standard extensions to meet specific regulations and requirements, including proprietary out-of-band authentication solutions, used by card issuers
  • Better performance for end-to-end message processing
  • Improved datasets for risk-based authentication
  • Prevention of unauthenticated payment, even if a cardholder’s card number is stolen or cloned
  • Enhances functionality that enables merchants to integrate the authentication process into their checkout experiences, for both app and browser-based implementations.
  • Enables merchant-initiated account verification.
  • Supports specific app-based purchases on mobile and other consumer devices. Source

All Tidal Commerce merchants are equipped with 3-D Secure v.2.0 and can easily upgrade.

How to support or upgrade to the 3-D Secure Version 2.0

All things 3-D security are usually handled by an official VISA rep when working directly with an acquiring bank, issuing bank, or merchant. Your first step should be to reach out to your merchant services provider to see what version of 3-D Secure your business currently supports and what the steps are to get upgraded.

All of our merchants use 3-D Secure v2.0, and if you’re ready to start working with a future-proof merchant services company who always has your back, let’s chat.

We're the gold standard in payment processing

Providing our merchants with the latest tools to get the job done, from cutting edge payment solutions to award-winning technical support available 24/7/365. With Tidal Commerce you have a payments partner that will be there from your first dollar to your millionth.

circle We're available

Reach out today and find out how much you could be saving.