3D Secure Authentication: What Is It And Why Do You Need It?
Key Takeaways
3-D Secure authentication is a security protocol that provides an additional layer of protection for online credit and debit card transactions. Visa and MasterCard developed the protocol in response to the growing problem of card-not-present (CNP) fraud.
3-D Secure authentication is based on the EMVCo 3-D Secure specification. EMVCo is a consortium of payment brands (including Visa, MasterCard, American Express, Discover, and JCB) that sets standards for the interoperability of chip-based credit and debit cards.
Three components to 3-D Secure authentication
The cardholder: The cardholder is the customer attempting to make a purchase using their credit or debit card. The issuer: The issuer is the financial institution that issued the credit or debit card to the cardholder. The acquirer: The acquirer is the financial institution that processes credit and debit card transactions on behalf of the merchant.The issuer must first enroll the card in the 3-D Secure program to authenticate a card. Once the card is registered, the cardholder will be prompted by their issuer to create a username and password (or another authentication method) when making an online purchase at a participating merchant.
Are you safe online? Run a free security scan to find out
{{component-cta-custom}}
How 3-D Secure 2.0 Works
3-D Secure 2.0 is the latest version of the 3-D Secure protocol. EMVCo developed it in response to the growing problem of eCommerce fraud.It introduces several new features and enhancements, including:
Dynamic 3-D Secure: Dynamic 3-D Secure is a new feature that allows issuers to dynamically select the level of authentication required for each transaction based on risk factors.This means that cardholders will only be prompted to authenticate themselves when there is a high risk of fraud. For low-risk transactions, no authentication will be required.
This is a significant improvement over the previous version of 3-D Secure, which required all transactions to be authenticated using the same static authentication method (e.g., password).
Enhanced Data: Enhanced data is a new feature that allows issuers to collect additional data from cardholders during the authentication process. This data can be used to assess the risk of fraud and make more informed decisions about whether to authenticate a transaction.
This is a significant improvement over the previous version of 3-D Secure, which only allowed collecting limited data from cardholders.Tokenization: Tokenization is a new feature that allows issuers to replace sensitive cardholder data with random numbers (called tokens). This reduces the risk of data breaches and makes it more difficult for criminals to obtain and use cardholder data.
Frictionless Authentication: A new feature allows issuers to authenticate certain low-risk transactions without prompting cardholders to enter their 3-D Secure password.
Customer Authentication Protocols: 3-D Secure, Other Strong Customer Authentication Protocols
The latest version of 3-D Secure 2.0 allows for integrating other strong customer authentication (SCA) protocols, such as EMV 3-D Secure and secure remote commerce (SRC). This makes it easier for issuers to meet the requirements of the European Union's second Payment Services Directive (PSD2) requirements and other similar regulations that mandate the use of SCA for certain types of transactions to reduce fraud.
Are you safe online? Run a free security scan to find out
{{component-cta-custom}}
FAQs
