With eCommerce continuing to grow exponentially as more and more consumers opt for shopping from the comfort of their home and/or phones, online credit card transactions are as natural as throwing the cashier a twenty for some gas.
But with more transactions comes more opportunities for theft and fraud, and so coupled with this meteoric rise is an equally impressive wave of security and payment inventions that facilitate this boom and mitigate against bad players.
Cardmember associations such as Visa and Mastercard spend enormous energy developing new technologies for more secure and convenient transactions, and one of those mechanisms is known as 3D Secure. This is an XML-based protocol that improves data exchanges between acquiring banks and issuing banks and offers increased transaction protection.
3D Secure is fairly common these days, with many merchant services providers offering or supporting it in their payment gateways, although the latest version which was released in 2015 isn’t as widespread yet.
Today we’re going to dig into a bit more about what 3D Secure is and how you should use it in your business.
What is 3D Secure?
3D Secure is a global authentication solution designed to make eCommerce transactions more secure and reduce fraud. Originally created by Mastercard and Visa, 3D Secure is commonly known as "MasterCard SecureCode" or "Verified by Visa".
So anytime you’ve come across that language (e.g. 3D Secure verification failed), that’s referring to the 3D Secure authentication system. 3-domain structure is also used from time to time.
In Visa’s own words, 3D Secure, “Provides an additional layer of security for eCommerce transactions prior to authorization. It enables the exchange of data between the merchant, card issuer, and, when necessary, the consumer, to validate that the transaction is being initiated by the rightful owner of the account.”
In other words, it is a specific protocol to mitigate against “card-not-present fraud”.
According to Visa, 1.2 billion card not present purchases are denied each year, and half of all eCommerce declines are legitimate, so the latest version (2.0) of 3D Secure aims to improve the accuracy of legitimate fraud alerts while making sure the right users can easily buy from the comfort of their phone or internet device.
That data exchange during the authentication process is where all the magic happens. By comparing information like past buying habits, shipping location, and device type, the issuing banks (banks like Chase) can better communicate and verify transactions with the merchant.
How does 3D Secure work?
If your system has 3D Secure, then the process that occurs is a bit like this:
- The customer enters their payment information either from a phone or computer.
- Your customer sees a 3D Secure page and has to follow an authentication prompt by entering a PIN or password (SMS text messages and one-time passwords are also common now).
- Your system, the acquiring bank, and the issuing bank exchange encrypted information to accurately verify a customer’s identity and fires back an acceptance or declination.
- The customer receives a notification of being accepted or denied.
What are the benefits of 3D Secure?
Most of you should already be supporting 3D Secure, but there are even more benefits to upgrading to version 2.0.
General business benefits of 3D Secure include:
- Fewer people abandon carts due to denials, which leads to more revenue.
- Fewer chargebacks and labor losses due to fraud.
- Reduced liability. If a fraudulent transaction is verified through 3D Secure, the liability shifts to the acquiring bank instead of the retailer.
Specific business benefits for 3D Secure 2.0 include:
- Support fingerprint or face ID authentication.
- Authentications can be so seamless the customer doesn’t realize they occur.
- Increased payment flexibility across devices.
- Improved messaging with supplementary information for better decisions on authentication
- Non-payment user authentication,
- Non-standard extensions to meet specific regulations and requirements, including proprietary out-of-band authentication solutions, used by card issuers
- Better performance for end-to-end message processing
- Improved datasets for risk-based authentication
- Prevention of unauthenticated payment, even if a cardholder’s card number is stolen or cloned
- Enhances functionality that enables merchants to integrate the authentication process into their checkout experiences, for both app and browser-based implementations.
- Enables merchant-initiated account verification.
- Supports specific app-based purchases on mobile and other consumer devices.
How to support or upgrade to 3D Secure 2.0
All things 3D security are usually handled by an official Visa rep when working directly with an acquiring bank, issuing bank, or merchant. Your first step should be to reach out to your merchant services provider to see what version of 3D Secure your business currently supports and what the steps are to get upgraded.
All Tidal Commerce merchants are equipped with 3D Secure 2.0 and can easily upgrade. If you’re ready to start working with a future-proof merchant services company that always has your back, let’s chat.