Skip to content

Strategies to optimize auth rates for the airlines

  • 07 Dec 2023

  • 08:30 AM GMT

Sign up
, Apr 14, 2023

What Is 3D Secure, and Why Do You Need This?

What Is 3D Secure, and Why Do You Need This?

With the increasing internet penetration, globalization, and consequent eCommerce growth, cards have emerged as one of the most commonly used methods for online payments at 29%. It simply means 29% of online purchases are made through CNP or card-not-present transactions.

Card-not-present or CNP transactions are the ones where neither the card nor the cardholder is physically present at the time of the transaction. 

While CNP transactions allow consumers to purchase anything remotely, they also make consumers vulnerable to cyber-attacks. For instance, Card not present fraud is 81% more likely to occur as compared to card-present fraud.

So, it’s the duty of online merchants that facilitate CNP transactions to ensure better security and prevent fraud. But how, as a retailer, can you do that? Well, that’s where 3DS or 3D Secure comes into the picture.

Using 3DS, you can make CNP transactions more secure and reduce the likelihood of fraud. In this blog, we’ll dig deeper into what 3DS is, its components, the benefits of 3D Secure for retailers, and more. So, read in full.

What is 3D Secure?

3D Secure, in its most basic sense, is a security protocol that involves the implementation of an additional security layer in card-not-present transactions (debit or credit). The motive is to authenticate the payer using OTP or biometrics and prevent the likelihood of fraud for both the merchant and the consumer.

What are the Domains or Components of 3D Secure?

There are three domains involved in the 3DS authentication protocol:
Components of 3D Secure

1. Issuer Domain 

The issuer domain is the financial institution or the bank that issued the card to the customer. It prompts the user to enter a password or any other form of authentication to authorize the transaction. The issuer domain is further made up of different components such as:

  • Cardholder Browser:

The customer enters the required information to initiate the security protocol.

  • Enrollment Server:

This server helps the customer register in the authentication process.

  • Access Control Server:

This server authenticates the card and the cardholder’s identity.

  • Validation Server:

Validation servers help validate the cardholder’s ID.

2. Acquirer Domain

The acquirer domain refers to the bank where the merchant’s or seller’s account exists. This bank account receives the money once the transaction is complete. Here are the components of the acquirer domain:

  • Merchant plug-in:

    The merchant plug-in helps create and process authentication messages for the cardholder once the purchase is confirmed.

  • Signature validation server:

    This server helps validate the digital signatures.

3. Interoperability Domain

The interoperability domain helps determine which network is needed for making the transaction. Here are the components of the interoperability domain:

  • Directory server:

    The directory server determines if the account number is associated with any card scheme. And if it is, the request is forwarded to the access control server.

  • Certificate authority:

    This component of the interoperability domain helps generate and distribute the SSL, public root hierarchy, and card scheme certificates to all domains.  

What is 3D Secure 2.0?

In the initial version of 3DS, i.e., 1.0, the protocol was not user-friendly and had several other flaws, such as poor data sharing and customer experience. To deal with these flaws, 3DS 2.0 was released. Here are the primary features of 3DS 2.0:

  • Enhanced Shopping Experience:

    3DS 2.0 helps authenticate app-based transactions seamlessly and more quickly. This offers a better shopping experience for shoppers who prefer mobile apps.

  • Better data sharing:

    The latest version of 3DS helps share the data between the acquiring and issuer banks more effectively. This further allows the issuing banks to make better risk-related decisions.

  • Better authentication Options:

    The 3DS 2.0 allows customers to authenticate in risky transactions using OTPs or biometrics.

  • Single authentication:

    The latest protocol helps users avoid redirects and sends customers via a single authentication flow. This makes the transactions more seamless and enhances the customer experience.

Good Read: Hosted Payment Page (HPP) | Everything You Need To Know | inai

How does a 3D Secure Authentication Process work?

Here’s how 3D secure transactions work:

  1. The payment gateway reaches out to the directory server and confirms that the card is registered in the 3DS program.

  2. The payment process is then sent to the cardholder’s bank’s website.

  3. The consumer/cardholder enters the card information and submits the details to the bank.

  4. After that, the 3D Secure protocol asks the user to verify their identity by entering OTP or biometrics.

  5. Once the buyer enters the details, the authentication process returns to the payment gateway.

  6. The payment gateway sends the transaction details to the bank.

  7. The bank then approves or declines the transaction and displays the response to the buyer.

What are the Advantages of 3D Secure for Merchants?

Secure your payment stack

1. Change of Liability

One of the most significant advantages of integrating 3DS for merchants is the change of liability. With 3DS, the liability of disputes or chargebacks is shifted to card issuers from merchants/retailers. This way, it becomes the responsibility of card issuers to tackle any fraud chargebacks, reducing the burden on merchants.

2. Compliance with Regulations

Merchants in several countries are mandatorily required to integrate multi-level authentication for payment verification. And luckily, implementing 3DS is an effective way to achieve that. In short, by implementing 3DS, merchants can comply with legal regulations and avoid repercussions.

3. Reduced Fraud

3DS allows you to add an additional layer of security for authenticating the customer. This helps ensure the owner rightfully uses the card used in the transaction and reduces the likelihood of fraud.

4. Protection from Chargebacks

Using 3DS, merchants can provide evidence in case a customer raises a dispute or files a chargeback. This way, merchants can protect themselves from fraud chargebacks and save a lot of unnecessary hassle.

5. Improved Customer Confidence

By implementing 3DS, you can make payments on your platform more secure. And that’s something customers love. Customers are likely to purchase from a merchant who they find to be more secure. This way, you can gain trust, improve customer confidence in your business and thus boost sales.

Conclusion

While enabling 3DS for added security is not mandatory, it’s a vital security protocol all online businesses must implement. It helps prevent card-not-present fraud, protects merchants from chargebacks, helps comply with regulations, and increases trust among customers, among other benefits. So, if you have an online business or are planning to start one, make sure to enable 3DS for card payments.

Expand globally with inai

Subscribe to our newsletter to get the latest updates
Picture of Karthik Narayanan

Karthik Narayanan is the Co-founder, CPO & CTO at inai, a global payment stack simplifying native payments with a single integration. He is a serial entrepreneur with over a decade of experience in product and engineering. Over the last 5 years, he has worked with 200+ businesses ranging from SMEs to Bigtechs.