--
inovio-logo.png

How 3D Secure works and what it can do to minimize fraudulent transactions

3d secure protecting customer transactions

Like it or not, fraud and online shopping go together like peanut butter and jelly. Consequently, any entrepreneur wishing to succeed in today’s hyper-vigilant data safety culture needs to embrace the latest security measures. 

To that end, 3D Secure credit processing, and its most recent iteration of 3D Secure 2, have come to be some of the most effective ways to provide an extra layer of digital protection that businesses of all sizes can utilize to their benefit.

What is 3D Secure?

3D Secure authentication, also known as payer authentication or 3DS, is a protocol that has been designed to reduce the risk of the identity theft, fraud and other types of data breaches that frequently occur during card-not-present (CNP) transactions. 

The “3D” in 3D secure refers to the various parties that participate in the authentication process: the acquirer (the bank or merchant receiving the payment), the issuer (the cardholder’s issuing bank) and the interoperability domain (the infrastructure of systems that support 3DS).

During the purchase process, the 3DS authentication system sends XML messages over Secure Sockets Layer (SSL) connections to create digital certificates designed to verify the identities of the customer. 

Although Visa was the first company to adopt 3D Secure in 2001, it has now become the preferred authentication system for all of the major companies, including Mastercard Identity Check, Discover Global Network ProtectBuy and American Express SafeKey.

3D Secure 2.0 explained

In spite of its initial success, 3D Secure was not perfect, and customers quickly raised some very legitimate concerns. Most notably, this system that had been invented in 1999 was not built for the burgeoning mobile culture that became prevalent in the early 2000s. 

Its inability to keep up with advancing technology resulted in an increasing number of declined transactions accompanied by rising frustration on the part of users.

In response, a coalition of financial institutions known as EMVCO rolled out 3DS 2.0. This updated platform contains a toolkit that makes it possible to easily integrate with mobile applications. 

From the user’s perspective, 3DS 2.0 furnished a more streamlined buying experience, enabling all of the authentication processes to occur behind the scenes instead of requiring the shopper to complete an added authentication process during checkout. 

With the updated version of 3DS, users are only required to furnish additional details when the system detects extra risk.

This upgraded authentication software also benefits merchants. Instead of retailers shouldering the liability burden, all 3DS transactions are the responsibility of the issuer. 

Moreover, merchants can now send up to 100 data elements to issuers, making for richer pools of information that make risk assessment more accurate.

How does 3DS authentication work?

3D Secure credit card processing facilitates a safer purchasing process for merchants and consumers alike. Through the use of XML messages, digital certificates, SSL connections and authentication, the various domains involved in the process can be confirmed.

The 3D Secure flow is relatively straightforward. When the customer is ready to complete their purchase, they enter their card information at checkout. The merchant’s payment gateway then sends details about the transaction and a 3D Secure verification request to the customer’s issuing bank, which ensures that the client’s card is registered. 

If it is, a verification response will be sent to the merchant, along with the URL to its ACS platform. If not, the seller can either end the transaction or proceed without the added security layer of 3DS.

If the system determines that the transaction represents an added risk, the cardholder will be redirected to the issuer’s ACS platform. Once there, the shopper will be prompted to confirm their identity. 

This can be done in several ways: by entering a unique password, answering security questions, presenting a fingerprint for identification or by clicking on an URL sent to the user’s cellphone. 

As long as the information provided is legitimate, the cardholder will be directed back to the merchant’s website and provided with a payment confirmation message.

How 3DS 2 enhances the payment process

The 2018 upgrade to this security platform has gone a long way toward resolving the issues found with its predecessor. With 3D Secure 2, the consumer enters their card data at checkout as before, with the payment gateway sending details and a 3DS 2.0 verification request to the cardholder’s issuing bank. 

The issuer then consults its records to see if the client is registered with either 3DS 1.0 or 2.0. The system then determines if the transaction represents any added risk.

If the transaction is low-risk, fraud screening and other security measures are conducted in the background without requiring any additional action from the customer. 

If a frictionless authentication is not recommended, the system runs a challenge authentication flow that demands additional input from the shopper. Additionally, the 3DS 2 platform can include a richer set of data, including the buyer’s transaction history, device ID and geolocation.

Why you should integrate 3D secure payments into your business

Fraud and other security breaches can severely compromise your business at any stage of its development. 

Although payment tokenization and other measures help to keep cyber criminals at bay, 3D Secure and 3D Secure 2 furnish you with a much more robust level of data safety that will offer you and your customers a strong digital shield without requiring protracted time and compliance measures. It helps to prevent data breaches by requiring that payments only come from legitimate sources. 

Enhancing the number of data points that can be exchanged further enables better risk-based authentication, and the process is now optimized and made secure for today’s mobile devices.

Furthermore, cardholder details remain insulated from access by unauthorized agents who are likely to distribute them to others online. Consequently, shoppers have peace of mind that may lead to greater brand loyalty and reduce shopping cart abandonment rates.

Cyber criminals never cease to search for chinks in companies’ security fortresses. As of now, 3D Secure and its most recent update represent the gold standard of cardholder protection throughout the checkout process. If you have not yet integrated these protocols into your operations, talk to your processing company about upgrading your data safety protocols. Both you and your customers will benefit.

Let's talk.

Learn more about the industry’s most intelligent payment gateway.