Fundamentally, 3 Domain Secure authentication, often known by its branded names like “Verified by Visa” or “Mastercard SecureCode”, is a security protocol which adds a verification process to the payment layer by redirecting customers to a third-party page where they have to enter a SMS code or password to complete their online purchase. Three domains are involved in the process of completing a 3D Secure transaction
- the merchant/issuer,
- the acquirer,
- the card schemes
The protocol was initially deployed by VISA to improve the security of online ‘card-not-present’ transactions, but other card schemes have quickly joined to develop their own products for 3D Secure transactions.
Card networks implemented the first version of 3D Secure in 2001. It provided a better security solution but a lot more has been needed since. The protocol had included static password and merchants and issuers had shared only some data to verify a cardholder’s identity which throughout the years proved not to be enough.
A decade later in 2016, EMV Co, jointly owned by American Express, Discover, JCB International, Mastercard, China UnionPay, and Visa, released the 2.0 version in order to increase security for merchants and customers.
Soon after, EMV also published the 3DS 2.2 version whose testing support is expected to be available mid-2019.
Mercury Processing Services International: Our solution supports payment programs based on 3-D Secure such as Verified by Visa, MasterCard Identity Check (MasterCard SecureCode) allowing secure internet payments through Visa, MasterCard.
Benefits of using 3D Secure technology
3DS 2.0 benefits:
- increased security – As the card schemes’ announced, out of all authentications in 3DS 2.0 based on the outcome of risk assessment, only 5% of authentications will be challenged. It also introduces risk based authentication (RBA), evaluates customer‘s transaction and account history on the merchant side.
- the 2.0 version shares 10 times more data i.e. there are more than 50 additional elements verified during the authentication process.
- For merchants, the major benefit of the protocol is that it protects their customers from the threat of payment fraud which in turn builds trust. Therefore, cardholders will more likely engage in higher transaction values as their level of confidence is increased.
- Another perk is that merchants are no longer liable for certain fraudulent chargebacks when a customer denies they made the purchase. This benefit is also known as ‘chargeback liability shift.’
What is chargeback liability shift? While 3D Secure doesn’t have the power to eradicate 100% of all fraud and chargebacks when a 3D Secure payment online is completed, it does provide an additional authentication step. This helps to reassure the cardholder and reduces the proportion of disputes, retrievals and chargebacks for the merchant. A merchant can typically expect to reduce chargeback and fraud as well as customer complaints by approximately 80%. (Checkout)
Other benefits and differences between the versions 1 and 2 are shown in the video below:
Who is 3D Secure for?
RSA recently commissioned research to learn more about 3D Secure adoption rates among the merchant community. The results showed 76% of the merchants surveyed currently use 3DS and more than half of the respondents plan to adopt 3DS 2.0. For 55% of non-3DS-users, customer experience is the main roadblock to adoption. These concerns, however, may be unfounded, as 87% of current users report a good customer experience, 82% of them report reduced fraud, and 71% of them report reduced cart abandonment.
However, there remains a lack of awareness, even among current adopters, regarding the enhanced features delivered by 3D Secure 2.0. One of the most common factors here is in relation to the merchant’s target market. Merchants are constantly reminded that the adoption of 3D Secure is not consistent across countries. This is down to the fact that some banks just don’t support this implementation aka a non-participating bank.
Today, global merchant adoption rates of 3D Secure still vary depending on the regions. Overall, 35% of global ecommerce volume runs through 3D Secure and it is expected to increase with greater adoption of the updated protocol, as well as the result of regulations such as the PSD2 in Europe.