What’s your first thought when you hear “3-D Secure”? Well, unfortunately, I have to disappoint you – it has nothing in common with three-dimensional world. 3-D Secure adds another security layer to online payments.
This authentication method is based on a three domain model (that’s why it’s called 3-D). These three domains are:
- acquirer domain (the merchant and the bank which gets money)
- issuer domain (the bank which issued the card)
- interoperability domain (the service provided by the credit card company, Visa, MasterCard, etc.)
How it looks from the customer’s perspective?
When a customer wants to finalize a transaction, he types all the credit card information. The merchant checks the card – if it’s enrolled for 3-D Secure, the customer is being redirected to the website provided by credit card company. Then the client types his password for 3-D Secure and is redirected back to the merchant’s website. If authentication suceeds – the payment is finalized and completed.
But what about the merchant?
Well, adding 3-D Secure authentication to an existing merchant’s system doesn’t require much work. A merchant needs only to modify the request to the acquirer – usually it’s just an additional parameter.
Using 3-D Secure has a very important advantage for merchants – it reduces „unauthorized transaction” chargebacks. Even if somebody gets access to the credit card number, it’s useless until the password for 3-D Secure is known only by the cardholder.
Is 3-D Secure really cool?
The whole system involves a pop-up window appearing during the payment process. The problem here is that the customer has to determine whether this new opened window is really from the cardholder’s bank or a fraudulent website trying to harvest card details.
Moreover, mobile browsers present particular problems for 3-D Secure, due to the lack of some features like frames or pop-ups. Even if the merchant provides mobile versions of his websites, the authentication can fail – they just usually do on mobile platforms.
So, in short, 3-D Secure makes your payments platform more safe and trusworthy, but a little bit more inconvenient to use.
Different names for the same technology
3-D Secure technology was developed by Visa to improve the security of Internet transactions. Visa offers it as the Verified by Visa service, while MasterCard adopted this technology as the MasterCard SecureCode. Moreover, JCB International and American Express also offers this technology – under the name J/Secure and SafeKey.
This post was written by Michał Nowakowski