A Guide To 3D Secure Authentication
If you have ever used a credit card or debit card to make a payment while online shopping, then it is likely that you have already used 3D Secure. 3D Secure Authentication is an added security layer introduced into the payment process between customers and businesses to protect against fraudulent transactions.
The 3D Secure standard, alongside other fraud authentication methods introduced over the years - such as AVS, and CVV verification - allowed customers to have access to secure payment methods worldwide via credit card and debit card transactions.
What Is 3D Secure?
3D Secure is a fraud prevention measure that was launched in 2001 by Visa (as Verified-by-Visa). Over the years, the credibility of ‘verified by visa’ grew and is now backed and recognised by credit and debit card providers Mastercard (as Mastercard Secure Code) and American Express (as American Express SafeKey).
3D Secure is one of the key security features that protect against card payment fraud when you are taking online payments through a payment gateway. Whenever a customer makes a purchase from your online eCommerce store that is using 3D Secure, the payment system will automatically require the cardholder to provide more information to verify that they are owners of that credit card.
How Does 3D Secure Work?
3D Secure Authentication acts by directing the customer to an authentication page or pop-up window during the online transaction process where they’ll be asked to enter a password, that they have previously set up with their issuing bank, or a one-time authentication code that’s sent to their mobile phone by SMS to authorize their transaction. Only after successfully completing this process will a customer be able to complete their transaction.
With 3D Secure, the ACS (access control server) is on the card issuer side and the authentication page or inline frame will be hosted by the card holder's card provider. Sometimes customers won't be asked to provide any additional authentication details at all. After you enter the right details and the payment is approved by the card provider, you’re then automatically sent back to the website with an order confirmation message.
What Are The Benefits Of 3D Secure?
3D secure provides both online retailers and their customers with an added level of security when online shopping. 3D Secure helps to prevent card details from being stolen and also protects against any unauthorised transaction chargebacks.
Once the transaction has passed the 3D secure authentication process, the retailer is no longer liable for the purchase. Instead, the liability is passed onto the card payment provider, who is then responsible for resolving any customer issues or refunds.
The limits of 3D Secure
Perhaps the biggest disadvantage of 3D Secure for online retailers is that many users believe the additional authentication step ruins the user experience during the checkout process and is a nuisance or obstacle. This can result in an increase in transaction abandonment and lost sales.
In addition, 3D Secure is limited by the mass adoption of this authentication method being crucial in the 3 stage process of making a transaction.
The Key Players:
There are three key banking domains present throughout the transaction process, and with 3D Secure, it is important to identify all of these domains to know where the liability for fraud lies. These banking domains are:
Issuer Domain: The customer’s bank or cardholder brand.
Acquirer Domain: The merchant’s bank where their revenue will settle after a successful transaction.
Interoperability Domain: Regardless of Acquirer or Issuer, each card will typically be issued by the same large issuer. Within the UK this is most likely to be Visa or Mastercard.
3D Secure is not required in every country nor by every card scheme worldwide. However, in using 3D secure authentication at the checkout stage in your choice of payment gateway; the liability of chargeback fraud is more likely to fall on the acquirer and not the merchants who have implemented every measure to verify the identity of their customers. The implementation of 3D secure is likely to increase with the requirement of SCA compliance and the extension of its OLO scope.
SCA - A Breakdown:
The SCA regulatory mandate was announced as an addition to the Payment Service Directive (PSD2) payment standard that has been in place across Europe since 2016. In an extended effort to further authenticate payments at the checkout stage and verify cardholder identity, SCA was rolled out to reduce fraudulent transactions and the cost of chargebacks on merchants both in Europe and to an extent, abroad.
A key element of PSD2 is the introduction of additional security authentications for eCommerce transactions. SCA protocols work by acquiring two types of verification from customers to authenticate payments. This can be a physical entity such as hardware or biometric elements alongside something the customer knows, such as their password or an SMS code.
SCA will apply to all transactions taking place via debit or credit card with one entity based within Europe or its 31 economic areas. This is known as the one-leg in, one-leg out amendment to PSD2 (OLO).
The SCA mandate had an initial compliance deadline of September 2019, which has since been updated to be staggered out over a course of 15 months, to December 2020.
Whilst there are certain exemptions to payments made under the SCA mandate (depending on the monetary value of the transaction) the benefit of 3D secure authentication, will further lessen the friction that occurs in needing to become compliant.
The future of 3D secure:
3D secure 2.0 is the latest development of the authentication protocol that sits aside other fraud preventative measures such as address verification (AVS) and card verification value (CVV code) checks, used to lower the risk and cost of fraud on merchants across Europe and the globe.
The aforementioned payment developments, such as the roll-out of strong customer authentication (SCA) regulatory technical standards, presents the integration of 3D secure payment standards as the easiest means of security compliance.
What is 3D Secure 2?:
3D Secure 2 was released by a network of six major card issuers collectively called EMVco. Aimed to be less disruptive than its predecessor, 3D Secure 2 works by sending more data elements from the cardholder in the initial transaction stage, in order to perform a risk analysis. This determines whether the bank will push the transaction into a frictionless checkout flow, or have it challenged in the typical authentication environment found with 3D secure 1.
As banks currently begin to upgrade to 3D Secure 2, it’s still thought that European banks will not be fully up to date with the new standard until September 2020. In making a more detailed assessment on whether transactions need to enter a 2FA element such as an SMS code or password; even high-risk transactions can potentially be made with ease.
The upgrade to the 3D authentication is a move to resolve what was seen as added friction at the checkout in the move to increase payment security; especially when taking payments on mobiles and other smart devices. The improved design dramatically increases the user experience on mobile devices by being fully compatible with wallet mobile apps and in-app transactions, which, in turn, can also be used with biometric authentication.
With the added options of Apple Pay and Google Pay, that carry the benefits of already being 2 factor authentication compliant, additional payment choices are increasing conversions for merchants worldwide alongside reducing payment friction for consumers.
How Do I Get Started With 3D Secure Authentication?:
If you’re ready to get started taking payments, we can help. At Total Processing, our online payment gateway and processing solutions allow you to take payments through our 3D Secure hosted iframes with easy integration and full technical support.