What do platforms like Verified by Visa, Mastercard SecureCode, and American Express SafeKey all have in common? They’re all fraud protection tools based on a technology called 3D Secure (often shortened to just 3DS).
Over the past two decades, 3D Secure has been instrumental in combating criminal fraud. However, adoption has always been sluggish among merchants due to concerns about its impact on conversion and shopping cart abandonment rates.
So, let’s delve into the inner workings of 3D Secure, its evolution since its inception, and its advantages and disadvantages. We’ll also address the question of whether its impact on conversion rates should genuinely concern you.
3D Secure [noun] /THrē • dē • sə • kur/
3D Secure is a customer authentication protocol created for eCommerce. The system is used to validate buyers at checkout, creating an additional layer of security for online transactions. Card networks recommend that both issuing banks and merchant acquirers support the protocol.
The “3-D” in 3DS is short for “three domains.” It alludes to the trio of distinct domain servers essential for protocol execution: the merchant, issuer, and interoperability domains.
The first successful rollout of a 3D Secure solution was Verified by Visa. After this, numerous other networks adopted their own versions of the technology rooted in 3DS protocols.
Merchants can enroll in 3DS programs through each card brand. However, many merchants find it easier to do this through their acquirer.
3-D Secure is a security tool deployed at checkout. During the transaction, 3DS returns an authentication response indicating one of three outcomes. The most common response is frictionless authentication, meaning the transaction is approved without cardholder interaction. The other two responses are that a challenge is required, or that authentication failed.
While the Verified by Visa name has been retired, the underlying technology remains in place to safeguard your transactions. In fact, this service has undergone recent enhancements to bolster security and deliver an even smoother user experience. This chapter will take a close look at the newly minted Visa Secure, including why you need it and how to get started.
What is Mastercard doing to help merchants fight back against chargebacks… and do they work? In this chapter, we’ll talk about how Mastercard Identity Check functions, how the product has evolved since its inception, and just what type of protection it offers.
This chapter will examine SafeKey, the American Express-branded deployment of 3-D Secure technology. We’ll examine how Amex implements the technology, discuss some of the benefits SafeKey offers, and weigh them against potential downsides of the tool.
This chapter examines Discover ProtectBuy — the form of 3-D Secure technology native to the Discover card network — and how the company implements the technology. We’ll also discuss some of the benefits ProtectBuy offers, plus some potential downsides of its use, and more.
JCB is not as well known among US cardholders, but it’s one of the largest card brands in the Asia-Pacific (APAC) market. This chapter will examine what JCB J/Secure is and how it implements 3DS technology. We’ll also discuss some of the benefits JCB 3DS offers, in contrast with its potential downsides.
This chapter delves into the 3D Secure 2.0 (3DS2) authentication system, and its distinctions from the original version of 3DS technology. It explains the workings of 3DS2, highlighting its ability to shift liability to issuers under specific conditions, as well as its optional “non-challenge” mode for merchants who prefer using their own risk assessment mechanisms. But the post also explains that, while 3DS offers great value for everyone in the payment ecosystem, it’s still not a “cure-all” solution for fraud.
What kind of response do you get when running a customer’s credit card using 3-D Secure technology? What does the response code mean, and how does it affect your sale? This chapter will explain everything you need to know about ECI indicators, including what they are, when you’ll see them, and what they mean. We’ll also throw in some advice for brick-and-mortar retailers who aren’t eligible for 3DS protections.
SCA regulations are now the law of the land in Europe. But what exactly are these rules, and how might they affect your business here in the US and abroad? This article will explore what SCA regulations are, who they affect, how they’re working thus far… and what you might expect in the near future.
Transaction risk analysis allows banks to instantly analyze the risk that an individual transaction represents. Low-risk transactions can proceed as normal, while high-risk transactions need more screening. But what can TRA do for merchants? Let’s find out.
What happens if you attempt 3DS validation, but it fails? This final section explains the common causes of 3DS authentication errors, clarifies what liability protection you actually receive (and don’t receive) from 3DS, and outlines practical steps for diagnosing and resolving failures when they occur.
The “3-D” in 3-D Secure stands for “three domains,” referencing the trio of distinct domain servers essential for protocol execution: the merchant, issuer, and interoperability domains.
Consult with your acquirer or payment service provider (PSP) first, then enroll in the 3DS platform. Next, you’ll integrate your 3DS account with your payment gateway or POS. Lastly, you’ll want to test the integration to ensure all components are working.
Yes. While “lower risk” payments (for instance, payments below $30) might not require 3DS authentication, it’s a good idea for merchants to have that extra authentication step enabled whenever possible.
No. The 3DS2 protocol has proven to be a highly effective fraud deterrent, but it doesn’t prevent or resolve non-fraud chargebacks at all. Aside from this, the protocol is also more prone to false positives. Customers can be confused by the pop-up window or annoyed at the extra step at checkout. Either situation can lead to cart abandonment.
Yes. This can be done legitimately using transaction risk analysis. That said, any anti-fraud protocol can be bypassed under the right circumstances. Merchants should take that into account when building their fraud prevention strategies.
3-D Secure is widely adopted across global eCommerce platforms, including regions like Europe, the US, Australia, China, India, and Singapore.
All banks and credit card processing networks in the U.S. require 3-D Secure, so most credit cards should be accepted and not require extra authentication.
This message indicates that a transaction requires additional verification before it can be approved. The cardholder must authenticate using at least two independent factors; typically a combination of something they know, something they have, or something they are. Transactions that cannot satisfy this requirement will be declined.
SCA is the regulatory requirement mandating two-factor authentication for electronic payments. 3-D Secure is the technical protocol used to satisfy that requirement for card transactions. Think of SCA as the rule and 3DS as the mechanism for compliance.
Currently, US merchants are not required to comply with SCA for transactions where their acquirer is based outside the EEA. However, voluntary adoption of 3DS 2.0 is increasing, and similar regulations are emerging in other markets. US merchants with European customers or expansion plans should monitor these developments closely.
No. SCA reduces fraud-related chargebacks by shifting liability to issuers for authenticated transactions. However, it provides no protection against friendly fraud, service disputes, or claims unrelated to unauthorized card use. Merchants still need comprehensive chargeback management strategies.
SCA is implemented through your payment service provider or gateway, not directly with card networks. Contact your provider to confirm they support 3DS 2.0, ensure your integration is configured correctly, and test authentication flows before going live. Most modern payment platforms handle SCA requirements automatically for in-scope transactions.