3-D Secure: Card Authentication & Fraud Protection for Merchants
What do Verified by Visa, Mastercard SecureCode, and American Express SafeKey have in common? They’re all fraud protection tools based on a technology called 3-D Secure (often shortened to just 3DS).
The 3-D Secure system was designed to protect consumers—and you as a merchant—from online payment card fraud. The goal here is to insure that card transaction completed online are made by the actual cardholder.
3DS technology has been an important defense against fraudulent chargebacks over the last two decades. But, while 3-D secure has helped address eCommerce fraud, many merchants have been slow to adopt the technology. They worry that it lowers conversion rates and encourages shopping cart abandonment.
In this post, we’ll look at what 3-D Secure is and how it works. We’ll also see how it’s evolved since first becoming available, the pros and cons of the technology, and whether you should really worry about3DS impacting conversion.
Recommended reading
- Detecting Credit Card Fraud in 15 Steps
- What is Transaction Risk Analysis? How Does it Work?
- Fraud Detection: Here's How Merchants Can Stop Fraud in 2023
- Credit Card Shimmers: Are You Prepared for “Skimming 2.0?”
- What is Transaction Fraud? How Do You Prevent It?
- How to Prevent Online Fraud With Mastercard SecureCode
What Is 3-D Secure?
- 3-D Secure
3-D Secure is a security technology that works like a PIN code for online purchases. The goal of 3DS is to authenticate purchasers as authorized cardholders. This extra layer of verification helps protect both cardholders and merchants from fraudulent transactions.
[proper noun]/*• three • dee ●si •kyoor •/
3-D Secure is a customer authentication protocol created for eCommerce. The system is used to validate buyers at checkout, creating an additional layer of security for online transactions. Card networks recommend that both issuing banks and merchants support the protocol.
You can enroll in 3DS programs through each card brand. If you’re not comfortable doing this yourself, contact your processor or merchant account provider see if they offer 3DS and can help you deploy it in your eCommerce store. There are also third-party providers that can help you implement 3-D Secure verification as part of a chargeback management plan.
The “3-D” in the name refers to the three domains that are bridged by the protocol:
3-D Secure by Card Brand
Although based on the same technology, 3-D Secure verification tools vary slightly depending on the card scheme. It also goes by different names, according to the brand.
What is 3DS 2.0?
As we mentioned, 3-D Secure has been proven to increase shopping security. However, the original release (3-D Secure 1.0, or 3DS1) had inherent flaws. The protocol added friction to the checkout process, for example, and only supported browser-based transactions. This resulted in a negative customer experience, as well as lower conversions for most merchants.
3-D Secure can be effective. It’s still important to deploy comprehensive, multi-level fraud management, though.
3-D Secure 2.0, along with later updates, functions more seamlessly and includes new features. This version of 3-D Secure is required to accept credit cards in Europe (as of this writing, it remains optional in other regions).
This article will discuss 3-D secure broadly without always making a distinction between 1.0 and 2.0. For more information specifically about the newer 2.0 protocol, including an analysis of the differences between the first and second versions, we recommend reading the below article:
Learn More About 3DS 2.0How Does 3-D Secure Work?
3DS1 authenticates cardholder information by way of a static password or PIN. The consumer is typically presented with a pop-up window to enter a pre-established code. The concept was simple, but the execution was lacking.
The newer 3-D Secure authentication serves the same purpose using different means. Nearly 150 points of transaction data are sent to the issuing bank, automatically and in real time. This includes things like IP address, merchant category code, shipping address, and so on.
The issuer compares the transaction data against known customer information such as buying history or payment card address. Artificial intelligence and machine learning assess the fraud threat, and one of five transaction labels will be returned to the merchant:
| Transaction Label | Description |
| Authentication successful | Proceed with purchase. |
| Authentication attempted | An unsuccessful attempt was made to authenticate the customer. |
| Authentication failed | The buyer is not the cardholder. |
| Authentication unavailable | For some reason, the customer identity could not be confirmed or denied. |
| Error | Something went wrong in the authentication process. |
The key benefit of 3DS 2.0 is that 95% of all transactions qualify for immediate approval. There’s no additional direct input required from the customer. With this “frictionless flow,” consumers are often approved without even realizing the authentication check was performed.
A small minority of transactions will be as a riskier. The buyer will be asked to provide additional cardholder information in these cases. This could consist of a one-time password, or perhaps a biometric form of ID like fingerprint or voice recognition (neither of which was supported in 3DS1).
In rare instances, the consumer may be required to go through the older verification process.
How Much Does 3-D Secure Cost?
Fraud protection from 3-D Secure comes at a cost. Merchants will pay a flat fee for every transaction sent via 3DS. In addition, card schemes like Visa and Mastercard impose fees on the process as well.
The price you pay as a merchant will vary depending on your processor, the card network, and other factors. Currently, the price typically falls within $0.20 and $0.35 per transaction in the US. Not surprisingly, the more transactions you send through the 3DS2 protocol, the lower the per-transaction cost will be.
All of which raises the question: is implementing 3-D Secure worth it? Let’s take a look at what you get for your money.
Benefits of 3-D Secure
The primary benefit of 3-D Secure technology is security and fraud prevention.
The 3DS2 protocol uses Risk-Based Authentication (RBA) to analyze data and assess the fraud risk of each transaction in real time. Because the risk level is backed by so much information, the process provides a high level of security and lowers the risk of criminal fraud.
Learn more about fraud preventionThe technology offers multiple other benefits as well, though. Using the latest version of 3-D Secure can help regardless whether you’re upgrading from the original protocol, or deploying 3-D Secure payment verification for the first time:
Finally, 3-D Secure 2.0 also offers a "Non-payment Authentication” option. This lets you validate cardholders without requiring a purchase or processing a small refundable charge.
Disadvantages of 3-D Secure
The 3DS2 protocol has proven to be highly effective fraud deterrent. Are there any disadvantages to using this tool?
If you’re using 3-D Secure 1.0, then yes, there are definitely potential drawbacks. The protocol is not as secure, and is more prone to false positives. Customers can be confused by the pop-up window, or annoyed at the extra step at checkout. Either situation can lead to cart abandonment.
With the current version, however, most of the problems that users (and merchants) had with the original protocol have been addressed. 3DS2 can still cause a small amount of friction in some cases. Even so, it’s minor compared the previous solution.
3DS1’s liability shift is still in place, although the protection may be limited, based on which card network you work with. The specifics can vary; it’s always best to check with the card network for details.
Then, of course, there are the fees we mentioned earlier. For high-ticket or high-risk merchandise, the fees can seem small compared to the potential loss. If you deal with lower-priced merchandise and have slimmer profit margins, you’ll need to look closely at your potential ROI.
A More Complete Strategy
3DS can be very effective at stopping third-party fraud. However, this points to the biggest disadvantage to the 3-D Secure program: it does nothing to prevent first-party fraud, which makes up the bulk of most merchants’ chargebacks.
Friendly fraud happens post-transaction. Authenticating the customer prior to purchase doesn’t help if the fraud doesn’t occur until after the fact.
The 3-D Secure authentication method does offer valuable protection against fraud. It works best, however, as part of a multi-level fraud and chargeback management strategy.
Fraud and chargeback prevention and risk mitigation coverage can be increased by deploying multiple complimentary tools, including:
- Velocity limits
- CVV verification
- Address verification
- Geolocation
- Fraud filters
These should be backed by fraud scoring, which will allow you to automatically decline orders that present too much risk. This will go a long way to help protect your business against fraud and chargebacks. For true risk mitigation, though, you need a customized, end-to-end solution that can deploy the right tools and tactics where they will do the most good.
If you’re interested in learning more about 3-D Secure—or any other aspect of chargeback management—contact Chargebacks911® today. We can show you how to take chargebacks completely off your plate and increase your ROI.
