Card authentication and 3D Secure

What is 3D Secure?

3D Secure is an enhanced security protocol designed to protect online (card-not-present) credit and debit card transactions. With 3D Secure, customers are required to complete an extra authentication step to verify that they are indeed the card owner when making the transaction. The requirement is in the form of a prompt from the card issuer which asks the customer to enter a code shared with their mobile phone. Previous iterations of 3D Secure asked customers to enter a preset password, however, this has now been changed to a more seamless method of One-Time-Passwords (OTP).

By now, those who purchase goods or services online should be aware of the process involved. Visa calls their 3D Secure process “Verified by Visa”, while Mastercard’s solution is known as “MasterCard SecureCode”.


How we capture 3D Secure

PCI Booking recommends, for a number of reasons, that 3D Secure should be used whenever capturing customers’ credit cards. However, it is not mandatory. Should you decide to implement 3D Secure, customers will be prompted to respond to a “challenge” for user authentication upon entering their card details. This challenge will be displayed by PCI Booking within the secure payment page iframe – removing the need for any redirection away from the payment page or any further integration from your side. Once the customer has been authenticated, the 3D authentication result will be stored with the token. From here, you, the merchant, will send this additional data to the issuing bank with each transaction, without the need for continuous user authentication.

PCI Booking has integrated 3D Secure support with a number of our most popular payment gateways and we are always adding more.

Why use 3D Secure

As mentioned above, the principle reason for using 3D Secure is fraud protection. As the individual attempting to make the card-not-present purchase must verify that they are indeed the rightful card holder, it removes the risk of stolen card details being used to purchase services or goods through your site. The removal of that risk also removes the risk of chargebacks, not only from the natural drop in fraudulent activity, but also from what is known as liability shift. Liability shift is an important aspect of 3D Secure. Should a payment be disputed by the card holder, card brands have shifted liability (due to the higher security protections, and as an added incentive for merchants to adopt 3D Secure) from the merchant to the issuer.