Shop
myPOS blog Tips

What is 3D Secure Authentication: 3DS Payments Explained

Tips / 11.07.2024

Ever since online shopping became available, major actors in the online payments space have tried to minimise the risk of fraudulent transactions. This was originally done with two-factor authentication as part of 3D secure authentication.

If you are a merchant who offers shoppers ease and convenience in terms of making online purchases and these concepts are new to you, you’re in good hands. That’s because, in this article, we explore what 3D secure authentication is, as well as everything you need to know about this payment authentication process.

The ultimate aim of this is to reduce fraud for both you and the cardholder to boost the security of online transactions. Let’s take a closer look.

TABLE OF CONTENTS

  1. What is 3D Secure protection?
  2. 3D Secure – how does it work?
  3. Advantages of 3D Secure technology
  4. Challenges and limitations
  5. Regulatory compliance and 3D Secure standards
  6. Best practices for optimising 3D Secure implementation
  7. Common myths and misconceptions about 3D Secure
  8. Future trends in 3D Secure authentication
  9. How can myPOS help you implement 3D Secure protection?

What is 3D Secure protection?

For those wondering what 3D Secure is, it is a payment security protocol introduced around 1999. It aims to reduce fraud in online payment transactions. In short, 3D stands for three domains interacting together to create a secure online payment environment. These domains are the acquirer domain, the card issuer, and the card scheme. 

In practice, the first version of 3D Secure kicked in when a customer wished to make an online payment. They would enter their card details onto the merchant’s webpage, after which a separate pop-up would appear. In this pop-up, customers would be required to enter an SMS code to validate the payment transactions. 

While this authentication method was an excellent way to add an additional layer of security and increase control over online payments, feedback and results showed that this initial version – or 3DS1 – negatively affected the customer experience. Many thought that the additional pop-up that appeared was a part of phishing scams, leading to high cart abandonment rates.

About one decade later, in the European Economic Area and many regions of the world, 3D Secure received a next-generation upgrade (commonly referred to as 3DS2), dividing transactions into low-risk and high-risk categories. This meant that low-risk transactions would follow a frictionless flow, and higher-risk transactions would be accompanied by a so-called challenge flow.

Here, customers would need to verify the transaction by inputting information only they know. This can be a password or a series of security questions to authenticate an online purchase. 

In the past, 3D Secure was called different things by different card schemes, including Visa Secure, American Express SafeKey and Mastercard SecureCode.

3D Secure – how does it work?

3D Secure – how does it work?

Today, when it comes to online payments, a customer goes to checkout to complete their transaction by entering their card details.

The card owner’s card issuers, the merchant’s acquirer and the card schemes such as Visa would study the transaction before payment authentication was granted. In cases of low-risk transactions, the customer would experience the frictionless flow mentioned above.

Meanwhile, for transactions considered high-risk, customers would need to prove that they are the card owners. They would do so by inputting a PIN, an SMS code, biometric authentication, or other means.

Advantages of 3D Secure technology

Apart from the frictionless customer experience when shopping online and the additional authentication required in the checkout flow, 3D Secure has several other advantages.

Among these include:

  • It offers more data for better risk assessments.
  • Shopper challenges were optimised with various flows, such as frictionless or challenge flows.
  • Merchants who use 3D Secure also benefit from a liability shift in that chargebacks in the case of 3D Secure transactions are passed onto the card issuer.
  • It is integrated with the shopping experience with the extra layer of authentication boosting the consumer experience.
  • It also boosts payment acceptance methods as merchants can now reduce the number of transaction abandonment rates.

Challenges and limitations

Of course, 3D Secure does come with specific challenges and limitations.

Some of these are:

  • The system requires lengthy and static passwords that a customer can easily forget.
  • An account may be connected to an old telephone number.
  • Merchants can lose money due to these inefficiencies.
  • Not all card issuers participate in the scheme, but chargebacks are limited.
  • It is also possible to get false declines of legitimate transactions, which can be quite costly for merchants.

Regulatory compliance and 3D Secure standards

The European Union passed the Payment Services Directive a few years ago to ensure customer safety when shopping online. This Directive requires strong customer authentication (SCA), which can include proving their identity with two of the following three criteria: knowledge, possession, and inheritance. 

Best practices for optimising 3D Secure implementation

To implement 3D Secure in your checkout process, you must know specific industry best practices.

Here are some worth considering:

  • Educate your customers that the 3D Secure process is not a threat or a part of fraud.
  • Have a detailed Frequently Asked Questions section on your website explaining the process.
  • Use the content in your online checkout to explain the security benefits of the verification process.
  • Inform your customers that verifying their identity is free and that it is an integral part of keeping their money safe.
  • Issue a warning that refreshing or returning to another page on desktop or mobile browsers will disrupt the process.
  • Avoid using 3D Secure authentication for some transactions. In particular, those where the conversion rate loss outweighs the benefit. Carefully study the country, currency and the value of the transaction.
  • You can open authentication on a new page or embed the frame into your checkout process. The latter is considered a more convenient option for shoppers, as it does not take them to a page from their issuer bank or domain.

By following these guidelines and industry best practices, you can significantly avoid customer churn, cart abandonment rates and fraudulent chargebacks.

3D Secure payments explained

Common myths and misconceptions about 3D Secure

Implementing 3D Secure in your checkout process is an important industry best practice. However, there are still myths around this protocol that need to be addressed.

Firstly, some still believe that 3D Secure is only for high-risk transactions.

Secondly, some merchants believe that all liability for chargebacks will shift to the card issuer.

Finally, some believe that 3D Secure protection is all that is required to prevent fraud in the online payment space. However, this is not the case and other means are strongly encouraged to be used to protect your business and its reputation.

Future trends in 3D Secure authentication

With the rise in identity theft and online fraud, 3D Secure is expected to see increased uptake over the coming years.

In addition, it is also expected to become more mobile-friendly, as an ever-growing number of consumers are shopping online and prefer a frictionless payments experience.

Furthermore, with the rise in internet access, more shoppers are expected to make purchases online due to its ease and convenience, meaning that 3D Secure will ultimately become a more prominent feature in the online payments space.

How can myPOS help you implement 3D Secure protection?

Payment service providers such as myPOS are perfectly equipped to help you implement 3D Secure protection. With risk-based authentication and password authentication, you can now enjoy a much simpler and more secure payment acceptance experience. 

When you choose myPOS for the state-of-the-art infrastructure provided, you will enter a new era of payment acceptance that is highly secure and accompanied by a free merchant account.

This account will be accessible through your free business card, which you can use to transact, as well as the industry-leading opportunity to gain instant access to accepted funds.

Frequently Asked Questions

No, 3D Secure is not outdated and remains an important requirement in many countries worldwide to address present fraud issues and enhance online payment security.

3D Secure became mandatory in the European Union in March 2020. It is also a mandatory requirement for banks in the United States.

When making an online payment, you will be taken to a separate page to enter a password or other information only known to you, or your merchant’s checkout page will have the 3D Secure protocol embedded in it.

Desi Tzoneva

Author

Desi Tzoneva

Related posts

Cookie

Select your cookie preference

We use two types of cookies - Necessary and Personalisation cookies. Necessary cookies are stored and processed in order to ensure you can access our website and view all its content in a bug-free and seamless manner, while Personalization cookies help us to provide you with more relevant content. If you continue using this website without clicking on the accept button below, we will not store or process any Personalization cookies for you. You can manage the way you interact with our cookies anytime by clicking on the cookie settings in the footer or the “Customize Cookies” button below.

You will find more information, including a list of each type of cookie, its purpose and storage duration, in our Cookies Policy.