3D SECURE PROCESSING : A Fraud Protection Technology To Protect Your Online Transactions


3D Secure or 3DS is a security technology for online payments providing authentication scheme requiring the cardholder to enter an additional password to complete the online purchase transaction applicable for Visa and MasterCard in any region and for American Express and JSC in supported regions. This serves as an extra layer of security that prevents unauthorized use of credit cards, therefore, minimizing fraudulent transactions and is most useful for high-value transaction because if the customer is able to enter the password to confirm their identity with the card issuer, the merchant will have more confidence that the transaction is genuine and real.
3D Secure stands for the 3 Domain Secure and three parties are involved in this process – first is the vendor or the company the purchase is being made from, second is the acquiring bank and third is the interoperability domain or the infrastructure provided by the card to support the 3-D Secure protocol.
The 3DS protocol uses XML messages that are sent over SSL connections with client authentication which ensures the authenticity of peers, the server, and the client by using digital certificates.

The main key benefits of having a 3DS are the following:

  • Additional protection of merchants from fraudulent payments
  • Gives more safety when transacting online
  • Increase in customer confidence in making online payments leading to increasing sales
  • Reduces the merchant’s cost from fraudulent chargeback

Originally it was Visa that developed the 3DS Secure protocol which has vastly improve the security of online payments. It was called Verified by Visa. MasterCard also made a similar protocol called MasterCard Secure Code JCB International followed by having J/Secure and on November 8, 2010, American Express added American Express SafeKey which are both available in select regions and continues to launch on other regions. All of these protocols allows authentication of cardholders by their Issuers at participating merchants when doing online payments.
This process gives the Issuers the ability to authenticate cardholders through the use of the password, thus reducing the likelihood of fraudulent use of credit cards and also improving the overall transaction performance of a merchant. When this authentication is enabled the merchant is no longer liable for certain fraudulent chargeback that may arise should the cardholder deny making the transaction. Liability shift comes into the picture. For successfully verified transactions the 3DS protects card issuers from the chargeback. The 3DS does not totally eliminate fraud or even chargeback so the merchants must still continue using its anti-fraud systems and security measures.

How Does 3D Secure Processing Work?

In a regular credit card transaction with no 3D Secure, the process includes the following:
1. Card information of the cardholder or the customer is entered such as the 16 digit card number, the expiry date, CVV code and the name of the cardholder.
2. The payment processor submits the said information to the acquiring bank.
3. The acquiring bank authorizes the transaction by communicating with the credit card network and issuing bank.
4. The merchant will inform the customer if the transaction succeeds or failed.
For card transactions with 3D Secure Payment additional steps are needed and added to the credit card process to be able to duly authenticate the cardholder who is performing the transaction.
1. Card information of the cardholder or the customer is entered such as the 16 digit card number, the expiry date, CVV code and the name of the cardholder.
2. The payment processor checks whether the card is enrolled in 3D Secure if the directory server responds that the card is registered the cardholder will be redirected to the “3D Secure” page served by the issuing bank.
3. The cardholder then authenticates himself by entering an OTP (One Time Pin) or a nominated password, once authenticated the payment processor then submits the card information and the 3D Secure authentication result to our acquiring bank.
4. The acquiring bank authorizes the transaction and the customer will be informed should the transaction succeed or failed.
Some problems encountered by using 3DS is that the customer may not understand why they are redirected to another page. That is why it might be a good idea to let them know why the 3D Secure processing is being used in accepting the payment transaction and also a link to a reputable site that explains well the process for the customers. This will make them feel secure and decrease the chance that they may feel their information is exposed.
3D Secure validation is very valuable for a merchant. It provides a level of protection from fraud provides may very well increase the trust your customers have with you. If using a bank-hosted payment page, a customer can trust that their financial institutions are the only agents with all of their credit card data, and only their issuing bank has the password to use it. While the payment process is slightly more complex, a little education goes a long way.
In order for a Visa or MasterCard member bank to be able to use the 3DS protocol, the bank should install and use the compatible and compliant software that supports the latest specifications of the protocol. Once this software is installed, the member bank will conduct a product integration testing with the payment system server before it rolls out the system.
EMVCo. which is a company that is collectively owned by the following – American Express, Discover, JCB, Mastercard, UnionPay and Visa and have developed and released the EMV 3DS 2.0 Specification which includes:

  • Improved messaging with providing the necessary supplementary information to aid in better decision making for authentication.
  • Failure to pay user authentication,
  • Failing short on standard extensions to meet the specific regulations as well as the requirements which includes the proprietary out-of-band authentication solutions used by card issuers
  • Better performance for end-to-end message processing
  • Improved datasets for risk-based authentication
  • Prevention of unauthenticated payment, even if there is a chance that the cardholder’s card number is stolen or cloned.

3D Secure Processing With Ipaytotal Is Simple!

One of Ipaytoal’s top priorities is to enable our merchants to eliminate the risk of fraudulent card use – that is the reason we work with acquiring banks that can integrate with 3D Secure processing through our PCI compliant payment gateway. For merchants who need to process utilizing 3D Secure, make a point to explicitly ask for a 3D Secure merchant account.
In case If you have any questions, you can visit our Website to connect with highly experienced and well-educated team, with more than a decade of experience in the industry or give us a call on +(44) 800 776 5988

Scroll Up