What is 3D Secure and how does it work?

Andy Tweddle, Payments writer
16 Mar 2022
UI showing a payment confirmation screen

Internet sales in the UK — as a percentage of all retail sales — have been steadily increasing for the past decade, but the COVID-19 pandemic saw this figure spike to as high as 38% in 2021.

While this trend has helped businesses survive, it’s also facilitated a huge increase in payment-related fraud losses, totalling £1.26 billion in the UK in 2020. With fraud being such a problem, measures need to be taken to help prevent it.

That’s where 3D Secure (also known by its current iteration: 3Ds2) comes in. It’s a protocol specifically designed to add an extra layer of security to online card transactions. In this post we’ll explain exactly how 3D Secure works, discuss its benefits and its drawbacks, as well as consider other fraud-minimising payment methods.

What is 3D Secure?

3D Secure is a security measure designed to help protect merchants from credit and debit card fraud by adding an additional verification step when paying. 3D Secure was first put into practice by Visa as a security-enhancing feature for online payments. Today, there are many different security protocols for various credit cards, all based on the 3D Secure platform. Popular examples include:

  • Visa Secure

  • MasterCard SecureCode

  • American Express SafeKey

While these solutions all differ slightly from the original 3D Secure solution, they are all variations of the same technology.

How does 3D Secure work?

3D Secure is so named due to the three-domain model that the technology relies on to provide extra security at online checkout. These three domains are:

  • Acquirer domain (the merchant’s bank)

  • Issuer domain (the cardholder’s bank)

  • Interoperability domain (the infrastructure provided by the card company to support 3D Secure)

At the buyer’s end, the transaction process resembles the following:

  • The cardholder types their card information onto the payment form

  • The system checks that the card details are valid, then checks that the 3D Secure solution is active

  • The cardholder is redirected to a new form where they need to verify their identity. They can do this via a security question or two-factor authentication

  • The acquirer verifies the information. If there are no errors, then the payment will be accepted

  • Finally, the cardholder is redirected to a confirmation page which tells them the status of their transaction: either approved or denied

What is the difference between 3D Secure and 3D Secure 2.0?

3D Secure 2.0 (3DS2) is simply the current version of 3D Secure, which replaced the old 3D Secure 1 in 2017. According to 3DS2 provider GPayments, 3DS2 was built mobile-first, resulting in 66% fewer cart abandonments. 3D Secure 1 was known for being a poor experience for users, with slow page load times and high friction. 3DS2 has been widely rolled out, so it can be used interchangeably with the term 3D Secure.

Advantages of 3D Secure

3D Secure can be beneficial to both merchants and customers when it comes to card payments. Below are some of the key advantages of the solution.

Change in chargeback fraud liability

Usually, merchants are liable for chargebacks, making chargeback fraud more costly and stressful for merchants. However, with successful 3D Secure authentication, the liability for chargebacks related to fraud lies with the issuing bank.

Lower risk of card-not-present (CNP) fraud

CNP fraud happens when a fraudster uses stolen credit card details to buy something online. In 2020, UK businesses lost £453 million to CNP fraud. Due to the fact 3D Secure requires extra information from cardholders, such as security questions and two-factor authentication codes, many fraudulent transactions are prevented.

Customers feel more secure

Customers typically recognise the 3D Secure process, so they feel secure buying from online retailers using the protocol.

Disadvantages of 3D Secure

While 3D Secure reduces credit card fraud, the extra layer of security it provides is not without a few drawbacks:

More time consuming for customer

Adding extra steps to the checkout process can be off-putting to customers, simply because it requires more time and effort. In fact, Ravelin previously found that 91% of 3DS2 transitions took more than five seconds, while the average transaction took a lengthy 37 seconds. Some customers may have difficulty remembering their security questions, too, reducing the likelihood of them completing the purchase.

False declines

False declines are legitimate transaction attempts which are refused due to suspected fraud. This can occur when the risk-management solution is too strict, or the issuing bank falsely suspects fraudulent activity. According to an Aite Group report, false declines for payment card transactions exceeded $330 billion in 2018 in the US market alone. When this occurs, ecommerce sites often lose both revenue and customers.

3D Secure can be costly

Depending on the payment processor you use, implementing 3D Secure may incur additional costs. Visa, for example, charges a fee of EUR 0.02 per authentication request. Depending on your transaction volume, this can become costly. However, it’s worth carefully considering the reduction in fraud that may be achieved by 3D Secure and what that is worth to your business.

Can 3D Secure be used to meet SCA requirements?

With the 14 March 2022 strong customer authentication (SCA) enforcement deadline, comes the requirement for all UK businesses to use SCA on card payments. 3Ds2 is designed to meet SCA requirements, but it is worth carefully reviewing what transactions require authentication under SCA and if your business’s payment process is compliant. Read our guide to SCA.

Are there any more secure payment methods than card payments?

Compared to card payments, open banking payments, like those offered by TrueLayer, are a more secure payment method. Since it has SCA baked in, open banking payments are inherently secure against fraud.

Plus, while 3D Secure requires customers to fill in lengthy forms, open banking doesn’t require any keying in of card details. Instead, it simply redirects users to their banking app to authenticate the purchase. Overall, this makes for a quicker, easier and more secure payment method.

Find out more about open banking’s security benefits.

Insights straight to your inbox
Join 10,000+ subscribers getting the latest open banking news.
18 Apr 2024

5 points for the National Payments Vision

money moving in and out of a portal
10 Apr 2024

The guide to omnichannel payment processing

TrueLayer has won Payments Innovation of the Year at the 2024 FSTech Awards
15 Mar 2024

TrueLayer wins Payments Innovation of the Year at 2024 FStech Awards

Categories to explore