What is 3D Secure and how does it work?
3D Secure protection is a security measure for authentication online credit and debit card payments. Find out what it means for customers and businesses.
Internet sales in the UK — as a percentage of all retail sales — have been steadily increasing for the past decade, but the COVID-19 pandemic saw this figure spike to as high as 38% in 2021.While this trend has helped businesses survive, it’s also facilitated a huge increase in payment-related fraud losses, totalling £1.26 billion in the UK in 2020. With fraud being such a problem, measures need to be taken to help prevent it.That’s where 3D Secure (also known by its current iteration: 3Ds2) comes in. It’s a protocol specifically designed to add an extra layer of security to online card transactions. In this post we’ll explain exactly how 3D Secure works, discuss its benefits and its drawbacks, as well as consider other fraud-minimising payment methods.
What is 3D Secure?3D Secure is a security measure designed to help protect merchants from credit and debit card fraud by adding an additional verification step when paying. 3D Secure was first put into practice by Visa as a security-enhancing feature for online payments. Today, there are many different security protocols for various credit cards, all based on the 3D Secure platform. Popular examples include:
- Visa Secure
- MasterCard SecureCode
- American Express SafeKey
How does 3D Secure work?3D Secure is so named due to the three-domain model that the technology relies on to provide extra security at online checkout. These three domains are:
- Acquirer domain (the merchant’s bank)
- Issuer domain (the cardholder’s bank)
- Interoperability domain (the infrastructure provided by the card company to support 3D Secure)
- The cardholder types their card information onto the payment form
- The system checks that the card details are valid, then checks that the 3D Secure solution is active
- The cardholder is redirected to a new form where they need to verify their identity. They can do this via a security question or two-factor authentication
- The acquirer verifies the information. If there are no errors, then the payment will be accepted
- Finally, the cardholder is redirected to a confirmation page which tells them the status of their transaction: either approved or denied