3D Secure is a security protocol designed to protect consumers and prevent fraud in online credit and debit card transactions. Authorized by the payer, it adds an extra layer of protection during online payments to prevent unauthorized use. The term "3D" refers to the three domains involved in the process:
Issuer Domain: The bank that issues the customer's card.
Acquirer Domain: The merchant receiving the payment and their bank.
Interoperability Domain: The online infrastructure supporting 3D Secure.
When making an online purchase, 3D Secure typically redirects the customer from the merchant's website to their bank's website. The customer then confirms their identity by providing a password or entering a one-time authentication code sent to their phone. Once the correct details are provided, the customer is redirected back to the original website to complete the transaction.
➡️Benefits of 3D Secure for Businesses and Consumers:
For Consumers:
Protects against unauthorized use of their credit or debit cards online.
Ensures a secure and straightforward online payment experience.
For Businesses:
Enhances the legitimacy of payment systems in the eyes of customers.
Prevents chargebacks resulting from unauthorized card use.
Shifts liability away from the business in cases of fraud involving the customer's card and the business.
➡️Adoption by Major Card Providers:
The 3D Secure protocol was created in 2001 by Visa in partnership with Arcot Systems (now Broadcom’s CA Technologies). It is currently implemented by major card providers under various names:
Verified by Visa
MasterCard SecureCode
American Express SafeKey
Additionally, 3D Secure is supported by mobile payment systems such as Google Pay, Apple Pay, and Samsung Pay, allowing customers to make secure purchases through smartphone apps.
➡️Implementation Process for Businesses:
For businesses looking to implement 3D Secure, the process involves several key steps:
Customer Initiation: Customers begin the online transaction by entering their credit card information on the merchant's website.
Card Verification: A directory server is contacted to confirm that the card is registered for 3D Secure.
Authentication: The customer is redirected to a 3D Secure page provided by their bank, where they enter security details, such as a password or a code sent to their phone.
Authorization: The authentication data is sent to the directory server and then to the merchant's bank for authorization.
Completion: Upon successful authorization, the customer is informed of the transaction's result, and the merchant receives the payment.
If the required authentication code is not provided, the transaction will not be completed, even if all other details are correct. Multiple failed attempts may result in the card being temporarily locked for online payments to protect the cardholder from potential fraud.
➡️Importance of 3D Secure Today
Credit card fraud remains a significant global issue, costing consumers and businesses substantial amounts annually. Implementing security measures like 3D Secure is essential to protect both parties from fraud and to maintain trust in online transactions. By integrating 3D Secure into their payment systems, businesses can offer a safer shopping experience, reduce the risk of chargebacks, and foster stronger relationships with their customers.
In summary, 3D Secure is a critical tool in the fight against online payment fraud, providing benefits to both consumers and businesses by enhancing the security and integrity of online transactions.
➡️How Businesses Can Avoid Non-3D Secure Transactions
For a transaction to be 3D Secure, both the issuer (the bank that issues the customer’s card) and the acquirer (the merchant’s bank) involved in the transaction need to support 3D Secure. While Viva.com fully supports 3D Secure on the acquirer side, not all issuers currently support this security protocol.
The 3D Secure process is mandatory for online transactions made in Europe and the UK using cards issued within the EU and UK, in compliance with the PSD2 Directive. However, issuers outside the EU and UK are not obligated to support 3D Secure, although many are increasingly adopting it.
If the issuer does not support 3D Secure—either permanently or temporarily (e.g., due to a technical issue or service outage)—the transaction will not be 3D Secure protected. In such cases, liability for any unauthorized transactions may revert to your business.
If you prefer to accept only 3D Secure transactions to minimize your liability and enhance payment security, you can contact our Customer Support team and submit a request. Our team will review your request to ensure that your transactions continue to operate seamlessly and securely.