3D Secure

Overview

Building a modern checkout experience requires that merchants find the balance between security and ease of use for their customers. Coupled with strict regulatory requirements, 3D Secure (3DS) can help to prevent fraud and meet Strong Customer Authentication (SCA) requirements.

What's 3D Secure?

3D Secure (3DS) is a security protocol designed to add an extra layer of security for online transactions. Initially introduced by Visa under the name "Verified by Visa" and later rebranded to "Visa Secure," it has been adopted by Mastercard, American Express, and other key issuers and card networks. 3DS links three domains — the issuer domain, the acquirer domain, and the interoperability domain (which includes the card scheme, payment processors, merchant plugins, and access control servers) — to facilitate data sharing and authenticate transactions through an additional verification step during checkout. This step involves requesting further information from the customer, aiding in identity verification and assessing the risk of fraud. Merchants adopting 3DS benefit by reducing fraud risk, as the liability for chargebacks on transactions verified through 3DS shifts from them to the card issuer.

3DS serves as a foundational mechanism for implementing Strong Customer Authentication (SCA) requirements, especially crucial in regions like the European Economic Area under the PSD2 regulation. SCA mandates a two-factor authentication process for online transactions to enhance security measures against fraud. By integrating 3DS, payment processors and merchants can comply with these regulatory requirements, ensuring that transactions meet the necessary authentication standards to protect consumer data and reduce fraudulent activity.

The latest iteration, 3DS2, builds upon the original by incorporating additional data transfer capabilities, such as device information, into the authentication process. This version is designed to make risk assessments more accurate, allowing issuers to approve more transactions without additional verification steps. 3DS2 has been optimized for mobile and other digital transactions, focusing on reducing friction and improving the user experience during checkout, which in turn can help increase conversion rates and provide a more streamlined payment process.

Looking towards the future of authentication, 3DS is evolving to facilitate more sophisticated data-sharing mechanisms. Innovations like 3DS Data-Only, Visa's Digital Authentication Framework, and the anticipated integration of Machine Learning (ML) and Artificial Intelligence (AI) into authentication processes represent the next frontier. These advancements aim to enhance the security and efficiency of online transactions by leveraging extensive data analysis and predictive algorithms to authenticate user identities. As these technologies develop, they will likely set new standards for secure and user-friendly online payment authentication, further strengthening the digital commerce ecosystem.

Strong Customer Authentication (SCA)

3DS2 satisfies the Strong Customer Authentication (SCA) requirements coming into effect for European merchants transacting with European customers.

Payment flow

On the client side:

  • Generate a client token
  • Render a checkout page to collect customer payment information
  • Verify the credit card amount
  • The customer may then be prompted to authenticate if requested by the issuing bank, or otherwise required to do so by relevant local legislation

On the server side:

  • If the authentication is completed successfully or none was required, use the returned nonce to create a transaction.
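One way to express the server-side step above as a fail-closed check. This is an added example, not code from the original page or from any payment SDK; the function names, the `result` and `order` shapes, and the single-use nonce and amount-match checks are assumptions made for illustration.

```javascript
// Added example: server-side gate before creating a transaction.
// Every name and field below is hypothetical, not a real SDK API.

// Parse a decimal amount string such as "49.90" into integer minor units,
// so amounts are compared exactly rather than as floats.
function toMinorUnits(amount) {
  const m = /^(\d+)(?:\.(\d{1,2}))?$/.exec(String(amount));
  if (!m) return null;
  return Number(m[1]) * 100 + Number((m[2] || "").padEnd(2, "0"));
}

// `result` is what the server itself holds for the returned nonce (assumed shape):
//   { nonce, authenticationRequired, authenticationSucceeded, verifiedAmount }
// `order` comes from the server's own records, never from the browser.
function decideTransaction(result, order, usedNonces) {
  if (!result || typeof result.nonce !== "string" || result.nonce === "") {
    return { create: false, reason: "missing nonce" };
  }
  // Assumption: a nonce may back at most one transaction.
  if (usedNonces.has(result.nonce)) {
    return { create: false, reason: "nonce already used" };
  }
  // The amount verified at checkout must be the amount about to be charged.
  const verified = toMinorUnits(result.verifiedAmount);
  const expected = toMinorUnits(order.amount);
  if (verified === null || expected === null || verified !== expected) {
    return { create: false, reason: "amount mismatch" };
  }
  // Fail closed: only an explicit `false` means "none was required".
  const required = result.authenticationRequired;
  const succeeded = result.authenticationSucceeded;
  if (required === false || (required === true && succeeded === true)) {
    usedNonces.add(result.nonce);
    return { create: true, reason: required ? "authentication succeeded" : "no authentication required" };
  }
  return { create: false, reason: "authentication not completed" };
}

// Constructed sample data.
const seen = new Set();
const order = { id: "order-1", amount: "49.90" };
const ok = {
  nonce: "nonce-a", authenticationRequired: true,
  authenticationSucceeded: true, verifiedAmount: "49.9",
};
console.log(decideTransaction(ok, order, seen)); // first use of the nonce
console.log(decideTransaction(ok, order, seen)); // same nonce presented again
```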
