back to insights


February 25, 2021

3D Secure Authentication in a Nutshell

3D Secure authentication was first introduced in 2001 by Visa through its Verified by Visa program due to a spike in eCommerce. This was motivated by the need for higher security measures in online payments. To find out how the story unfolded and what are the benefits of 3D Secure authentication, keep reading this article.

A Brief Timeline of 3D Secure

Over the years, eCommerce became an efficient and effective way for consumers to shop for goods and services from the comfort of their own homes. Online shopping provides a convenient way of purchasing for cardholders due to wide offer in all market segments, 24/7 availability, delivery tracking, and online card payment convenience.

Increased number of online transactions also opened doors for less wanted activities, one of them being fraudulent use of payment cards. To tackle this challenge, Visa introduced the 3D Secure 1 protocol through its Verified by Visa program in 2001. Other credit card schemes were quick to adopt the protocol as well, in order to secure online payments.

Nowadays, consumers have more ways to pay than ever before, whether through a browser, mobile app, or a connected device. Another trend is that online shopping is moving from the desktop to the smartphone, which results in the fact that today more than 45% of eCommerce traffic is mobile.

The original protocol from 2001 did not predict this trend. The design did not have proliferation of mobile in mind. This caused poor user experience on mobile devices and hampered the use of the latest trends in authentication methods.

It was evident that 3D Secure needed an upgrade. 3D Secure 2 protocol provides the best possible user experience in online shopping while having online payment security in mind. The end goal was to make online transactions both more secure and friction-free while making the authentication experience as smooth as possible.

3D Secure Overview

EMV 3D Secure is a messaging protocol that promotes easy consumer authentication while making card-not-present eCommerce purchases. It enables consumers to actively authenticate themselves with their card issuer if cardholder verification is necessary.

3D Secure stands for ''Three Domain Secure'' and involves the following domains:

  • Acquirer Domain – domain that initiates 3D Secure transactions; the bank and the merchant to which the money is being paid
  • Interoperability Domain – connects Acquirer and Issuer Domain; the infrastructure provided by the card scheme to support the 3D Secure protocol
  • Issuer Domain – domain that authenticates 3D Secure transactions; the bank which issued the card being used

3D Secure in Action

After the customer enters their payment information during checkout, they are redirected to their credit or debit card issuer's 3D Secure web page. Here, they provide one of the following:

  • The password they have previously set up with their issuing bank
  • A one-time authentication code which they received on their mobile phone
  • Biometry (fingerprint and face recognition) using banking secure mobile application...

In case of a frictionless transaction, the customer won't have to provide any further information. By entering the correct data, the payment will be approved by the card issuer, based on buyer's behavioral analysis confirming their authenticity.

Finally the customer is redirected to the initial website containing an order confirmation notification. It's that easy!

3D Secure authentication by Asseco

3D Secure Benefits

Since 3D Secure has many parties involved, we are going to summarize benefits for each participant. We already mentioned ultimate security and smooth user experience, but there are many more to discuss when talking about 3D Secure.

Benefits for Issuers:

  • Extensive data exchange that enables better decisions for risk assessment to challenge the cardholder or not (request for further payment information), and improves ''frictionless authentication''
  • Out-of-band authentication transaction flows compliant with the existing solution
  • Use of Strong Customer Authentication (SCA) that is compliant with PSD2
  • Reduction of costs for disputed transactions, retrieval requests, chargeback investigation, etc.

Benefits for Cardholders:

  • The authentication process is straightforward
  • Possibility to choose the preferred medium (tablet, mobile, etc.) to make online purchases without compromising on security
  • Improved security

Benefits for Merchants:

  • Easy-to-use and consistent service across multiple payment gateway platforms and digital media during transaction authentication
  • Increase in sales
  • Decrease of disputed transactions
  • Liability shift moves toward acquiring bank
  • Non-payment user authentication

Benefits for Acquirers:

  • Providing better service to the merchants by enabling the opportunity to increase sales and decrease disputed transactions
  • Increased payment reliability
  • Reduced transaction cost resulting in higher income potential

If you want to find out more, contact our Asseco 3D Secure Team at [email protected] or download the datasheet.

download datasheet
Request Trial

Interested in TriDES2?

Subscribe to our newsletter
© Asseco South Eastern Europe 2021. All rights reserved
clouddownload linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram