A woman paying for her purchase with an employee at a cash register on  a table in a retail store.

What is 3D Secure Authentication

Saturday, December 05, 2015

Protecting your business from fraud

As a small business owner, you know how important every aspect of your sales can be. From in-person to online purchases, each can make a difference for your financial bottom line. That’s why it’s important to make sure you protect yourself from fraudulent transactions that happen with card payments. One tool to help secure transactions is 3D secure authentication. In this article, we’ll look at what this authentication process is and how it works, as well as how important it is for your business. To start, let’s define 3D secure authentication.

What’s 3D secure authentication?

3D secure authentication (3-domain structure or 3DS), also known as a payer authentication, is a security protocol that helps prevent fraud with online credit and debit card transactions. During this additional step of verification, there are three separate domains involved – the card issuer domain, the merchant or acquirer domain, and the interoperability domain (which is usually the payment service provider). 3D secure authentication allows the merchant or acquiring bank to ask for additional authentication details from the cardholder in order to prevent fraudulent purchases. Usually, this additional security verification comes in the form of a PIN or security code, but sometimes it can include the payment method that the customer used. Mastercard and Visa helped to implement these security measures, and you’ll see them branded as ‘Verified by Visa’ and ‘MasterCard SecureCode.’

While 3DS is not new, there’s a new iteration of 3DS. Known as 3D secure 2.0 (or EMV 3DS), this iteration of 3D secure authentication builds upon the first version and increases security and authorizations for digital transactions. The European’s Payment Services Directive 2 (PSD2) has brought several changes around online shopping security, including a mandatory Strong Customer Authentication (SCA) component for European Union shoppers.

It’s important to note that 3D secure authentication only takes place in card-not-present transactions and, more specifically, in online transactions. Now, let’s look at the process in action.

How does 3D secure work?

Let’s say your business has 3DS enabled on your ecommerce website. When your customer gets ready to make a purchase, the 3D secure authentication process begins. Here’s a look at the process:

  • At the checkout screen, your customer enters their credit card or debit card details.
  • Your payment system contacts a directory and receives the message that the customer’s card is in the 3D secure program.
  • Meanwhile, the customer then sees a 3DS page where they’ll need to authenticate their identity to the issuing bank. They’ll enter a password or one time personal identification number (PIN).
  • The result of the verification process goes to the payment system where the transaction details are sent to the acquiring bank (the merchant’s bank).
  • The acquirer authorizes the transaction.
  • The customer is notified about whether the transaction was successful.

Why is 3D secure authentication important?

3D secure authentication takes place quickly, seamlessly, and in the background, meaning that consumers shouldn’t even notice a difference. However, the added security can give customers shopping at your ecommerce site peace of mind knowing that you’re helping to protect their card data. For merchants, 3D secure authentication has a big positive for your business – liability shift.

Here’s why. Essentially, when a cardholder wants to dispute a 3D secure payment, the liability moves from you as the merchant to the issuing bank. That means that you won’t be on the hook to pay the cardholder back for the purchase.

The liability shift can also happen if the card network (like Visa or Mastercard) requires 3DS, but it isn’t available for the card or the issuer. This situation can happen for a few reasons, including the issuer’s 3DS server being down or if the issuer doesn’t support 3DS (despite the card network requiring it). During payment, if the cardholder isn’t prompted to complete 3DS, it could be because the card isn’t enrolled. So, even if the cardholder didn’t complete 3DS authentication, the liability would still shift to the issuer. That’s good for your business, as being liable for chargebacks can really eat into your bottom line.

What are some other benefits of 3DS authentication?

There are a few other benefits that 3DS authentication offers to both merchants and customers:

More secure payments – While the most obvious benefit, this protocol builds an extra layer of security into the payments process to help support fraud protection and reduce the risk when accepting online payments. The second iteration of 3DS, 3DS 2.0, also increases the number of data points that can be exchanged for a more comprehensive authentication process.

More optimized user experience – 3DS 2.0 allows for a better user experience by making the protocol compatible with more devices and mobile browsers. That means customers get a more consistent experience and can securely shop from any device with confidence.

More brand loyalty – With 3D secure authentication, consumers’ card credentials are protected from unauthorized access, thereby providing consumers with peace of mind that their purchases will be safe and secure. That can encourage customers to shop with your company, helping to reduce cart abandonment, increase sales, and drive loyalty business.

As you can see, knowing how 3D secure authentication works can help you make sure you’re on top of your business. Protecting your business and your customers is important, and doing everything you can to prevent fraud at your company can not only help keep your business moving but instill confidence in your brand from your customers. On top of that, it can also shift the liability from any fraudulent activity to the issuing bank, protecting you even further from fraudulent transactions.

Ready to work with a payment processor who can help you prevent card-not-present fraud?

Heartland is the point of sale, payments and payroll solution of choice for entrepreneurs that need human-centered technology to sell more, keep customers coming back and spend less time in the back office. Nearly 1,000,000 businesses trust us to guide them through market changes and technology challenges, so they can stay competitive and focus on building remarkable businesses instead of managing the daily grind. Learn more at heartland.us.