The last decade has seen online sales in the UK grow significantly. According to Office for National Statistics (ONS) data, the value of internet sales was over £2 billion in January 2024 — up 240% compared with January 2014.
Unfortunately, the increase in online payments brought an increase in payment fraud. Yet, while fraud is a common and expensive problem (in the first half of 2023, £340.7 million was stolen via unauthorised fraud), there are ways to combat it.
That’s where 3D Secure (also known by its current iteration: 3DS2) comes in. It’s a protocol specifically designed to add an extra layer of security to online card transactions. In this post, we’ll explain exactly how 3D Secure works, discuss its benefits and drawbacks, as well as exploring other fraud-minimising payment methods.
What is 3D Secure?
3D Secure is a security measure designed to help protect merchants from credit and debit card fraud by adding a verification step when paying. 3D Secure was first put into practice by Visa as a security-enhancing feature for online payments. Today, there are many different security protocols for various credit and debit card payments, all based on the 3D Secure protocol. Popular examples include:
Visa Secure
MasterCard SecureCode
American Express SafeKey
While these solutions all differ slightly from the original 3D Secure solution, they are all variations of the same technology.
How does 3D Secure work?
3D Secure is so named due to the three-domain model the technology relies on to provide extra security at online checkout. These three domains are:
Acquirer domain (the merchant’s bank)
Issuer domain (the cardholder’s bank)
Interoperability domain (the infrastructure provided by the card company to support 3D Secure)
From the consumer’s perspective, the transaction process resembles the following:
The cardholder types their card information onto the payment form.
The system checks that the card details are valid and then checks that the 3D Secure solution is active.
The cardholder is redirected to a new form where they need to verify their identity. They can do this via a security question or two-factor authentication.
The acquirer verifies the information. If there are no errors, then the payment will be accepted.
Finally, the cardholder is redirected to a confirmation page which tells them the status of their transaction: either approved or declined.
What is the difference between 3D Secure and 3D Secure 2?
3D Secure 2 (3DS2) is simply the current version of 3D Secure, which replaced the old 3D Secure 1 in 2017. 3D Secure 1 was known for providing a poor user experience, with slow page load times and high friction. In contrast, 3DS2 doesn’t require a page redirect for the authentication process, reducing friction and cart abandonment. However, while a significant improvement, 3DS2 still has UX and conversion issues. As of 2023, 18% of attempted payments were still failing when using 3D Secure 2.2.
Advantages of 3D Secure
3D Secure can be useful to both merchants and customers when it comes to card payments. Below are some of the key advantages of the solution:
Change in chargeback fraud liability
Usually, merchants are liable for chargebacks, making chargeback fraud more costly and stressful for merchants. However, with successful 3D Secure authentication, the liability for fraud-related chargebacks lies with the issuing bank.
Lower risk of card-not-present (CNP) fraud
CNP fraud happens when a fraudster uses stolen credit card details to buy something online. In the first half of 2023, UK businesses lost £173.8 million to CNP fraud. Because 3D Secure requires extra information from cardholders, such as security questions and two-factor authentication codes, it prevents many fraudulent transactions.
Customers may feel more secure
64% of online shoppers see security as their top priority when making a payment. The increasingly recognisable 3D Secure process can help customers feel secure buying from online retailers that use the protocol.
Disadvantages of 3D Secure
While 3D Secure reduces credit card fraud, the extra layer of security it provides is not without a few drawbacks:
More time-consuming for customers
Adding extra steps to the checkout process can be off-putting to customers simply because it requires more time and effort. Ravelin previously found that 91% of 3DS2 transactions took more than five seconds, while the average transaction took a lengthy 37 seconds. As a result, most merchants in the UK and Ireland are at least somewhat concerned about the impact of 3D Secure on conversion.
False declines
False declines are legitimate transaction attempts that are refused due to suspected fraud. This can occur when the risk-management solution is too strict or the issuing bank falsely suspects fraudulent activity. When this occurs, ecommerce sites often lose both revenue and customers.
Can 3D Secure be used to meet SCA requirements?
Since the March 2022 strong customer authentication (SCA) enforcement deadline, all UK businesses are required to use SCA on card payments. 3DS2 is designed to meet SCA requirements, but it is worth carefully reviewing what transactions require additional authentication under SCA and if your business’s payment process is compliant.
Do alternative payment methods use 3D Secure?
SCA is a requirement for online payments in Europe. While there are exemptions, this means that all payment methods must meet SCA requirements. 3DS, however, is a solution specific for online card payments. Many buy now pay later (BNPL) and mobile wallet payment options are built on top of cards, so still require 3D Secure.
Open banking payments, on the other hand, have been designed to comply with PSD2 and SCA from day one (since 2018). They’re inherently secure and the user flows have been refined over the last few years to make it easy for customers to pay this way:
By adding open banking payments to the checkout, merchants can boost overall conversion rates and reduce abandonment caused by poor SCA flows.
In the UK, the largest banks were required to follow guidelines which has led to much more consistent payment journeys.
As a result, open banking payments typically involve 5-7 steps (compared to 10+ for SCA card journeys).
Using open banking payments as a sales recovery method for failed or incomplete card payments
As well as operating as a standalone payment method at checkout, open banking payments can also be used as a method for recovering online card payments, where the consumer dropped out of the authentication journey or the payment was falsely declined by 3D Secure.
This can be done by simply offering the customer the option to retry the payment using open banking. With baked-in SCA and fewer payment steps, you increase the likelihood of a successful payment and gain revenue that would have otherwise been lost.
To find out more about how open banking payments at checkout can increase conversion and reduce payment failures, book a demo with one of our payment experts.
5 points for the National Payments Vision
The guide to omnichannel payment processing
