What is 3D Secure?
3D Secure is a security protocol that is designed to provide an additional layer of security for online credit card and debit card transactions. This protocol was created by Arcot Systems (now CA Technologies) and was first used by Visa to provide improved security for Internet payments.
How Does 3D Secure Work?
The name 3D comes from the three-domain model used to provide the additional layer of secure authentication between the financial authorization process and online authentication process. The three domains used to provide this security are:
Acquirer Domain: The bank and the merchant receiving the transaction payment.
Issuer Domain: The bank that issued the credit or debit card used for the transaction.
Interoperability Domain: The infrastructure provided for the card that’s used to support the 3D Secure protocol.
3D Secure uses XML messaging and SSL communication to secure and authenticate transactions.
As an online merchant, it is important that you understand how 3D Secure impacts the customer transaction process.
After completing the checkout process, customers paying with Visa or MasterCard are prompted to enter their Verified by Visa or MasterCard SecureCode.
The customer is then either redirected to the issuer’s website for authorization, or the authorization is completed within your payment solution.
If your customer is using an American Express, Discover card, or gift card, they are not prompted to enter a password.
If your customer is not enrolled in Verified by Visa or MasterCard SecureCode, the customer is prompted to enroll and create a password. The cardholder can decline registration, but when the customer reaches the maximum number of opt-out occurrences, the customer is no longer given the option to opt-out. The maximum number of opt-out occurrences is up to the credit card issuer, and the actions taken after the maximum is reached are also up to the credit card issuer.
It is important to note that as an online merchant you can decide which transactions require 3D Secure authentication. For example, you might identify high-risk transactions with your payment solution’s rules engine and then decide to further secure these transactions with 3D Secure.
What Are the Benefits of Using 3D Secure?
3D Secure offers card not present merchants the following benefits:
- Liability shift. As you know, when a chargeback occurs, you are typically liable for this transaction. With 3D Secure, the liability is shifted from you onto your issuing bank.
- Chargeback protection. When you use Verified by Visa, you are guaranteed to never receive a chargeback. This protection helps secure you against friendly fraud or chargeback fraud. Note: MasterCard does not have a similar policy.
- Customer confidence. As a Card Not Present merchant, customer confidence is critical. Many customers will feel more confident knowing there is an extra level of security in place to protect their data.
What Should I Tell Customers about 3D Secure?
It is significant to remember that while customers do want assurances that their transaction and data are secure, they also do not like extra confirmation steps and passwords. This means you must make sure you transparently explain that you are using 3D Secure (Verified by Visa or MasterCard SecureproCode) to provide them with extra safeguard.
Provide some clear information in the early stages of the checkout process that explains the 3D Secure process in simple terms, to allow the customer to be prepared for the extra authentication step.
Remind the customer that this extra security is free of charge and that there are no additional fees hidden within the overall transaction. Provide a link that gives the customer more information about the program. Additionally, make sure the Verified by Visa or MasterCard SecureCode logo is clearly displayed.