Intro
If you’ve used a Visa card before, you might have noticed something called Verified by Visa/Visa Secure. Or, as a MasterCard user, you would have seen what’s called SecureCode. Those are brand names for the 3D Secure payment authentication protocol for debit/credit cards.
What is 3D Secure?
3D Secure stands for 3-domain secure, an extra layer of security to prevent fraud in online Card-Not-Present (CNP) transactions. The basic concept revolves around the 3-domain model. These are the acquirer domain (bank and merchant receiving payment), the issuer domain (bank that issued the card) and the interoperability domain (the software/hardware infrastructure required to support the 3D Secure protocol).
These 3 domains will communicate with XML messages via SSL to secure and authenticate the transaction. The process starts at the online store checkout page when the customer keys in their card information such as cardholder name, card number, expiry and CVV number. These will be sent to the payment gateway.
The payment gateway will then redirect the customer to their card issuing bank webpage to key in a One-Time Password (OTP) for 3D Secure authentication. OTPs are usually sent to the customer via SMS.
Once the authentication phase is done, the payment gateway will send the card information and authentication result to the acquirer bank. The acquirer bank will communicate with the issuing bank via the card network to authorize the transaction.
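The flow described above, modelled as an added example that is not part of the original article or of any real 3D Secure implementation. The Issuer class, the checkout function, the policy values and the card number are all hypothetical; the model shows the OTP as single-use, time-limited and attempt-limited, and the gateway sending nothing on for authorization unless authentication succeeded.

```python
import hmac, secrets, time

CARD = "4111111111111111"   # constructed test card number

class Issuer:
    """Issuer domain (toy model): sends the OTP, checks it, authorizes."""
    OTP_TTL, MAX_TRIES, LIMIT = 300, 3, 1000   # assumed policy values

    def __init__(self):
        self.pending = {}      # card -> [otp, expiry time, tries left]
        self.sms_outbox = {}   # stands in for the cardholder's phone

    def start_challenge(self, card, now=None):
        now = time.time() if now is None else now
        otp = f"{secrets.randbelow(10**6):06d}"
        self.pending[card] = [otp, now + self.OTP_TTL, self.MAX_TRIES]
        self.sms_outbox[card] = otp   # goes to the customer, not the merchant

    def verify_otp(self, card, otp, now=None):
        now = time.time() if now is None else now
        entry = self.pending.get(card)
        if entry is None or now > entry[1]:
            self.pending.pop(card, None)   # unknown or expired challenge
            return False
        entry[2] -= 1
        ok = hmac.compare_digest(entry[0].encode(), otp.encode())
        if ok or entry[2] == 0:
            del self.pending[card]         # single use; lock after MAX_TRIES
        return ok

    def authorize(self, card, amount):
        return amount <= self.LIMIT        # toy authorization rule

def checkout(issuer, card, amount, enter_otp):
    """Gateway: authenticate first, then send the result on for authorization."""
    issuer.start_challenge(card)           # customer redirected to issuer page
    if not issuer.verify_otp(card, enter_otp()):
        return "declined: 3D Secure authentication failed"
    # Acquirer asks the issuer, via the card network, to authorize.
    if not issuer.authorize(card, amount):
        return "declined: not authorized"
    return "approved"

if __name__ == "__main__":
    bank = Issuer()
    print(checkout(bank, CARD, 50, lambda: bank.sms_outbox[CARD]))  # cardholder
    print(checkout(bank, CARD, 50, lambda: "abcdef"))               # no OTP access
```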
Why do online merchants need 3D Secure?
With credit card breaches happening on a regular basis, any valid debit or credit card has the potential to be used in a fraudulent order. When the merchant employs 3D Secure, a fraudster will have to go through multiple steps designed to stop malicious activities. They would rather target another merchant that does not use 3D Secure.
While 3D Secure is not foolproof, it will drastically reduce fraud in your online store by making it so much harder to use a stolen card to make a purchase. The other benefit of using 3D Secure is the shifting of fraud liabilities. If a fraudulent order does go through, the merchant using 3D Secure will be less likely to be found liable. The acquirer will be the one liable for the fraud amount.
Conclusion
It is important to note that not all cards are enabled with 3D Secure, but most cards from major issuers should have this enabled. Therefore, as a merchant, you need to have 3D Secure as part of your online checkout process. The protection you receive against fraud outweighs the slight inconvenience your customers may have to endure with the additional security steps.
Bonus tip
FraudLabs Pro can help detect fraud even before you submit the card information to the payment gateway. Blacklists for cards and users can detect serial offenders as blacklist data can be shared amongst merchants on the FraudLabs Pro network. Other non-card data such as IP address can also shed some light on the origins of the fraudsters. These and so much more can be integrated into any online shopping cart via the FraudLabs Pro API or the fraud plugins. Since there is a free Micro plan, there is no reason why you should not use FraudLabs Pro to protect your online store.