Blog
3D Secure Authentication: What Is It And Why Do You Need It?

3D Secure Authentication: What Is It And Why Do You Need It?

Reviewed by
Learn what 3D Secure authentication is, how it works, and why you need it to protect your online transactions.
Table of Contents
Learn what 3D Secure authentication is, how it works, and why you need it to protect your online transactions.

Key Takeaways

3-D Secure authentication is a security protocol that provides an additional layer of protection for online credit and debit card transactions. Visa and MasterCard developed the protocol in response to the growing problem of card-not-present (CNP) fraud.

3-D Secure authentication is based on the EMVCo 3-D Secure specification. EMVCo is a consortium of payment brands (including Visa, MasterCard, American Express, Discover, and JCB) that sets standards for the interoperability of chip-based credit and debit cards.

Three components to 3-D Secure authentication

The cardholder: The cardholder is the customer attempting to make a purchase using their credit or debit card. The issuer: The issuer is the financial institution that issued the credit or debit card to the cardholder. The acquirer: The acquirer is the financial institution that processes credit and debit card transactions on behalf of the merchant.The issuer must first enroll the card in the 3-D Secure program to authenticate a card. Once the card is registered, the cardholder will be prompted by their issuer to create a username and password (or another authentication method) when making an online purchase at a participating merchant.

Are you safe online? Run a free security scan to find out

{{component-cta-custom}}

How 3-D Secure 2.0 Works

3-D Secure 2.0 is the latest version of the 3-D Secure protocol. EMVCo developed it in response to the growing problem of eCommerce fraud.It introduces several new features and enhancements, including:

Dynamic 3-D Secure: Dynamic 3-D Secure is a new feature that allows issuers to dynamically select the level of authentication required for each transaction based on risk factors.This means that cardholders will only be prompted to authenticate themselves when there is a high risk of fraud. For low-risk transactions, no authentication will be required.

This is a significant improvement over the previous version of 3-D Secure, which required all transactions to be authenticated using the same static authentication method (e.g., password).

Enhanced Data: Enhanced data is a new feature that allows issuers to collect additional data from cardholders during the authentication process. This data can be used to assess the risk of fraud and make more informed decisions about whether to authenticate a transaction.

This is a significant improvement over the previous version of 3-D Secure, which only allowed collecting limited data from cardholders.Tokenization: Tokenization is a new feature that allows issuers to replace sensitive cardholder data with random numbers (called tokens). This reduces the risk of data breaches and makes it more difficult for criminals to obtain and use cardholder data.

Frictionless Authentication: A new feature allows issuers to authenticate certain low-risk transactions without prompting cardholders to enter their 3-D Secure password.

Customer Authentication Protocols: 3-D Secure, Other Strong Customer Authentication Protocols

The latest version of 3-D Secure 2.0 allows for integrating other strong customer authentication (SCA) protocols, such as EMV 3-D Secure and secure remote commerce (SRC). This makes it easier for issuers to meet the requirements of the European Union's second Payment Services Directive (PSD2) requirements and other similar regulations that mandate the use of SCA for certain types of transactions to reduce fraud.

Are you safe online? Run a free security scan to find out

{{component-cta-custom}}

CMS-based CTA:
Clean up your browser and prevent future scams
Protect yourself from money scams & other online threats, begin with a free scan.
Add Guardio to BrowserTake Security Quiz
Default CTA:
Smart protection, built for how you live online
Stay ahead of threats with real-time insights and proactive protection.
Add Guardio to BrowserTake Security Quiz
CMS-based "Did you know?" block
Did you know?
Default "Did you know?" block
Did you know?

Make sure you have a personal safety plan in place. If you believe someone is stalking you online and may be putting you at risk of harm, don’t remove suspicious apps or confront the stalker without a plan. The Coalition Against Stalkerware provides a list of resources for anyone dealing with online stalking, monitoring, and harassment.

Guardio Security Team
Guardio’s Security Team researches and exposes cyber threats, keeping millions of users safe online. Their findings have been featured by Fox News, The Washington Post, Bleeping Computer, and The Hacker News, making the web safer — one threat at a time.
Tips from the expert

Related articles

FAQs

No items found.
Table of Contents
Can You Spot a Scam Text Message?
Test your skills and learn how to protect yourself from online scams.
Take the quiz now
Can You Spot a Scam Text Message?
Test your skills and learn how to protect yourself from online scams.
Take the quiz now