askvity

What is 3DS Protocol?

Published in Payment Security

3D Secure (3DS) is an authentication protocol designed to add an extra layer of security for online credit and debit card transactions, safeguarding both merchants and customers from fraud. Essentially, it verifies the cardholder's identity with their card issuer during the payment process.

How 3DS Works

The 3DS protocol acts as an intermediary between the online merchant and the card issuer. Here's a simplified breakdown:

  1. Customer Initiates a Purchase: A customer enters their credit card details on a merchant's website or app.
  2. 3DS Check is Triggered: The merchant's payment gateway detects that the transaction requires 3DS authentication.
  3. Redirection to Issuer: The customer is redirected to their card issuer's authentication page (often within an iframe).
  4. Identity Verification: The card issuer asks the customer to verify their identity. This might involve:
    • Entering a one-time passcode (OTP) sent via SMS or email.
    • Using biometric authentication (fingerprint, facial recognition) within a mobile banking app.
    • Answering a security question.
  5. Authentication Result: The card issuer sends the authentication result back to the merchant's payment gateway.
  6. Transaction Completion: If the authentication is successful, the transaction proceeds. If it fails, the transaction is declined.
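
The decision in steps 5 and 6, sketched from the merchant side as an added example (not code from the original article or from any payment gateway). The class names, field names and status label are hypothetical, and the checks assume the returned result carries the session id and amount it was issued for.

```python
from dataclasses import dataclass

# Hypothetical status label for this sketch; real gateways define their own codes.
AUTHENTICATED = "authenticated"

@dataclass(frozen=True)
class PendingPayment:
    """What the merchant stored when 3DS was triggered (steps 1-2)."""
    order_id: str
    amount_minor: int      # amount in minor units, e.g. cents
    currency: str
    auth_session: str      # random id the merchant created for this authentication

@dataclass(frozen=True)
class AuthResult:
    """What the gateway receives back from the issuer (step 5)."""
    auth_session: str
    amount_minor: int
    currency: str
    status: str

def decide(pending, result, used_sessions):
    """Step 6: return (decision, reason). Anything unexpected declines."""
    if result.auth_session != pending.auth_session:
        return "decline", "result is for a different authentication session"
    if result.auth_session in used_sessions:
        return "decline", "authentication result already consumed"
    used_sessions.add(result.auth_session)   # each result is single-use
    if (result.amount_minor, result.currency) != (pending.amount_minor, pending.currency):
        return "decline", "authenticated amount differs from the order"
    if result.status != AUTHENTICATED:       # unknown statuses fail closed
        return "decline", "issuer status: " + result.status
    return "proceed", "cardholder authenticated by issuer"

def demo():
    """Run constructed sample results against one constructed order."""
    order = PendingPayment("order-1001", 4999, "EUR", "sess-a1")
    used = set()
    cases = [
        AuthResult("sess-zz", 4999, "EUR", AUTHENTICATED),  # wrong session
        AuthResult("sess-a1", 4999, "EUR", AUTHENTICATED),  # matches the order
        AuthResult("sess-a1", 4999, "EUR", AUTHENTICATED),  # same result replayed
    ]
    return [decide(order, r, used)[0] for r in cases]

if __name__ == "__main__":
    print(demo())
```

The merchant decides from its own stored order record, so a result that arrives for another session, a changed amount, or a second time is declined even when its status says authenticated.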

Benefits of Using 3DS

  • Reduced Fraud: By verifying the cardholder's identity, 3DS helps prevent fraudulent transactions.
  • Liability Shift: In many cases, if a fraudulent transaction occurs with 3DS authentication, the liability shifts from the merchant to the card issuer.
  • Increased Customer Trust: 3DS provides customers with added security, enhancing their trust in the merchant.
  • Global Standard: 3DS is a widely adopted standard, supported by major card networks like Visa (Verified by Visa), Mastercard (Mastercard SecureCode), and American Express (SafeKey).

Versions of 3DS

The 3DS protocol has evolved over time. The most common versions include:

  • 3DS 1.0 (3D Secure): The original version, often criticized for its clunky user experience.
  • 3DS 2.0 (EMV 3-D Secure): An improved version designed to provide a better user experience, especially on mobile devices. It supports a wider range of authentication methods.
  • 3DS 2.1 & 3DS 2.2: Further enhancements to the 2.0 version, focusing on data sharing for risk assessment and improving the authentication process.

Impact on Merchants

Merchants need to integrate 3DS into their payment processing systems. While it adds a layer of security, it can also introduce friction into the checkout process. However, the newer versions of 3DS aim to minimize this friction by using risk-based authentication.

In conclusion, the 3DS protocol is a crucial security measure that helps protect against online fraud by verifying the cardholder's identity during the payment process. Its evolution has led to improved user experiences and more effective fraud prevention.
