Last Updated: 5th December 2019
3D Secure authentication is an added security layer introduced into the payment process between customers and businesses to protect against fraudulent transactions.
Launched by Visa as ‘Verified by Visa’ in 2011, 3D Secure authentication works by directing the customer to an authentication page - hosted by their card provider - where they’ll be asked to enter a password or a verification code sent to them via SMS to authorize their transaction. Only after successfully completing this process will a customer be able to complete their transaction.
Over the years, ‘Verified by Visa’ gained credibility and the approach was adopted by other card schemes, under names such as Mastercard Identity Check and American Express SafeKey.
The 3D Secure standard, alongside other fraud authentication methods introduced over the years - such as AVS and CVV verification - allowed customers to have access to secure payment methods worldwide via debit and credit card.
The limits of 3D Secure:
The mass adoption of this authentication method is crucial in the three-stage process of making a transaction.
The Key Players:
Three banking domains are present throughout the transaction process. Where 3D Secure authentication is concerned, it is all the more important to identify these domains to know where the liability for fraud lies.
Issuer Domain: The customer’s bank or cardholder brand.
Acquirer Domain: The merchant’s bank where their revenue will settle after a successful transaction.
Interoperability Domain: Regardless of Acquirer or Issuer, each card will typically be issued by the same large issuer. Within the UK this is most likely to be Visa or Mastercard.
3D Secure is not required in every country nor by every card scheme worldwide. However, when 3D Secure authentication is used at the checkout stage in your choice of payment gateway, the liability for chargeback fraud is more likely to fall on the acquirer and not on merchants who have implemented every measure to verify the identity of their customers. The implementation of 3D Secure is likely to increase with the requirement of SCA compliance and the extension of its OLO scope.
SCA - A Breakdown:
The SCA regulatory mandate was announced as an addition to the PSD2 payment standard that has been in place across Europe since 2016. In an extended effort to further authenticate payments at the checkout stage and verify cardholder identity, SCA was rolled out to reduce fraudulent transactions and the cost of chargebacks on merchants, both in Europe and, to an extent, abroad.
SCA protocols work by acquiring two types of verification from customers to authenticate payments. This can be a physical entity such as hardware or biometric elements alongside something the customer knows - such as their password or an SMS code.
SCA will apply to all transactions taking place via debit or credit card with one entity based within Europe or its 31 economic areas. This is known as the one-leg in, one-leg out amendment to PSD2 (OLO).
The SCA mandate had an initial compliance deadline of September 2019, which has since been staggered over the course of 15 months, to December 2020.
Whilst there are certain exemptions to payments made under the SCA mandate (depending on the monetary value of the transaction), the benefit of 3D Secure authentication will further lessen the friction that occurs in needing to become compliant.
The future of 3D secure:
3D Secure 2.0 is the latest development of the authentication protocol. It sits alongside other fraud-prevention measures such as address verification (AVS) and card verification value (CVV code) checks, used to lower the risk and cost of fraud on merchants across Europe and the globe.
The aforementioned payment developments, such as the roll-out of strong customer authentication (SCA) regulatory technical standards, present the integration of 3D Secure payment standards as the easiest means of security compliance.
What is 3D Secure 2?:
3D Secure 2 was released by a network of six major card issuers collectively called EMVCo. Aimed to be less disruptive than its predecessor, 3D Secure 2 works by sending more data elements from the cardholder in the initial transaction stage, in order to perform a risk analysis. This determines whether the bank will push the transaction into a frictionless checkout flow, or have it challenged in the typical authentication environment found with version 1 of 3D Secure.
As banks currently begin to upgrade to 3D Secure 2.0, it’s still thought that European banks will not be fully up to date with the new standard until September 2020. The upgrade to 3D Secure authentication is a move to resolve what was seen as added friction at the checkout in the move to increase payment security, especially when taking payments on mobiles and other smart devices.
By making a more detailed assessment of whether transactions need to enter a 2FA element such as an SMS code or password, even high-risk transactions can potentially be made with ease.
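How a merchant server might act on the frictionless-or-challenge outcome described above, as an added example that is not part of the original article or any processor's own code. Field names (`messageType`, `transStatus`, `acsURL`, `threeDSServerTransID`) follow the EMV 3-D Secure authentication response; the function name, the sample messages and the policy of declining on `U` are assumptions.

```python
# Added example: server-side routing on a 3D Secure 2 authentication response.
# Sample messages are constructed; declining on "U" is an assumed merchant policy.
from urllib.parse import urlsplit

FRICTIONLESS_OK = {"Y", "A"}   # authenticated / attempt processed
DECLINE = {"N", "U", "R"}      # not authenticated / unavailable / rejected


def next_step(ares, expected_trans_id):
    """Return (action, detail); action is 'authorise', 'challenge' or 'decline'."""
    if ares.get("messageType") != "ARes":
        return ("decline", "unexpected message type")
    # Bind the response to the checkout we started, so a response issued
    # for another transaction cannot be replayed into this one.
    if ares.get("threeDSServerTransID") != expected_trans_id:
        return ("decline", "transaction id mismatch")
    status = ares.get("transStatus")
    if status in FRICTIONLESS_OK:
        return ("authorise", "frictionless flow")
    if status == "C":
        # Challenge flow: the cardholder is sent to the issuer's page.
        acs_url = str(ares.get("acsURL") or "")
        parts = urlsplit(acs_url)
        if parts.scheme != "https" or not parts.netloc:
            return ("decline", "challenge URL missing or not HTTPS")
        return ("challenge", acs_url)
    if status in DECLINE:
        return ("decline", "transStatus " + status)
    return ("decline", "unknown transStatus")  # fail closed on anything else


TRANS_ID = "00000000-0000-4000-8000-000000000001"  # constructed value
SAMPLES = [  # constructed responses, one per branch
    {"messageType": "ARes", "threeDSServerTransID": TRANS_ID, "transStatus": "Y"},
    {"messageType": "ARes", "threeDSServerTransID": TRANS_ID, "transStatus": "C",
     "acsURL": "https://acs.issuer.example/challenge"},
    {"messageType": "ARes", "threeDSServerTransID": TRANS_ID, "transStatus": "C",
     "acsURL": "http://acs.issuer.example/challenge"},
    {"messageType": "ARes", "threeDSServerTransID": "other", "transStatus": "Y"},
    {"messageType": "ARes", "threeDSServerTransID": TRANS_ID, "transStatus": "X"},
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(msg.get("transStatus"), "->", next_step(msg, TRANS_ID))
```

The decision is taken on the server because a status evaluated only in the browser can be altered by the customer before the payment is authorised.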
With the added options of Apple Pay and Google Pay, which carry the benefit of already being 2FA compliant, additional payment choices are increasing conversions for merchants worldwide alongside reducing payment friction for consumers.
At Total Processing, our payment gateway and processing solutions allow you to take payments through our 3D secure hosted iframes with easy integration and full technical support.