by Matt Mandell - June 10, 2019 - High Risk Payment

In the age of ecommerce, data security protocols are needed to protect merchants and their customers. Enter 3D Secure. 3D secure provides extra layers of authentication for each credit card and debit card transaction, making it harder for hackers and fraudsters to steal your customer’s identity. This article will explain what 3D data is, and how to use it to decrease fraud and reduce the chances of identity theft for your customers.

What is 3D Secure?

“3D” usually refers to three dimensional. However, the “3D” in 3D Secure means “three-domain structure.” This refers to three components involved with any 3D Secure credit or debit card transaction. These are called the Acquirer Domain, the Issuer Domain, and the Interoperability Domain:

  • Acquirer Domain:This domain refers to you (the merchant) and your bank
  • Issuer Domain:The issuer domain the bank that issued the customer’s payment card
  • Interoperability Domain:This domain is the payment system or credit card infrastructure that allows the payment to occur.

When customers make an online card not present transaction, 3D Secure protects data between all of the three domains. For online purchases, many major credit card brands are implementing their own version of 3D Secure for their customers. Visa has branded their service Verified by Visa, and Mastercard calls their version Mastercard SecureCode.

How 3D Secure Works

3D secure uses XML messaging, which is part of a computer programming language called Java. XML is essentially a secure way to move data from one software system to another. Essentially, once a customer enters their credit card data, the system looks at a directory server that contains a ledger of legitimate credit card customers. Once the customer is found, the server confirms to the 3D Secure system that the card is legitimate.

The customer is then prompted to enter a unique pin code. If the pin is correct, the transaction is sent to the acquiring bank to be authorized. Finally, the customer will receive a message confirming whether their payment was successfully processed.

Not all transactions on your website need to be 3D Secure enabled. You can reserve them only for certain transactions, such as those that are higher-risk or are above a certain dollar amount.

Pros and Cons of 3D Secure

3D Secure is fantastic for reducing fraud, but it does come with certain limitations. First off, not all credit cards participate in the program. Secondly, it doesn’t eliminate instances of credit card chargebacks. Chargebacks are caused by customers themselves, rather than hackers.

However, there is still a chargeback-related advantage to 3D Secure. Since it routes the payment differently, authenticating through the acquiring bank, as a merchant you are more protected from liability. Instead of you being liable for chargebacks, 3D Secure shifts the liability to your issuing bank.  In addition, certain companies like Visa (but not Mastercard) have additional chargeback protection, giving you extra peace of mind that excessive chargebacks won’t drag down your business.

Also, because security is improved, using 3D Secure can net you lower interchange fees. These fees are tacked onto every single transaction, so even a slightly lowered interchange rate will add up fast. Lastly, your customers will feel more secure if your site uses the latest and greatest security protocols. Having a high level of trust in your company and website will keep them coming back to buy again and again.

The only real potential pitfall of 3D Secure is that it adds an additional step for customers to complete before their transaction can be finished. This can cause a reduction in conversion rates if customers decide to leave before finishing the transaction. Many ecommerce buyers are used to “one-click ordering” and a fast transaction process, so be sure to clearly notify them early in the process that your site uses extra protection to keep them safe.

A very simple explanation of 3D Secure at the beginning of checkout does the trick, preparing customers by letting them know that there will be an extra step during the transaction, but that it adds security to protect their payment information. Make sure to include the Verified by Visa or Mastercard SecureCode logos, and linking to their homepages. This allows the customer to find additional information on the process, if desired.

Do I Need 3D Secure for My Business?

Not all businesses need 3D Secure, but whether or not to implement it is up to you. Ecommerce merchants who sell high-priced items or take large deposits may want to enable it for the extra security it offers.

Risks of 3D Secure

A reduced conversion rate is possible when any new step is added to the checkout process. For customers, phishing fraud is still a risk with 3D Secure. Phishing is when someone creates a fake web page that impersonates yours, getting customers to click on their fake website instead of your real one. Then, when they check out, whoever set up the scam website collects your credit card information and pin code as the customer enters it.

However, this type of fraud is not unique to 3D Secure. It is a common scheme to get around many types of online security. To avoid it, encourage customers to bookmark your site and only visit by opening the bookmarked page. Visa has also added a secret phrase that appears during checkout, showing the customer that the checkout page is genuine any time the secret phrase appears.

Final Thoughts

3D Secure is a great way to add an extra level of authentication to your online checkout process. However, it comes with potential pitfalls and limitations. The best way to determine if it’s right for you is to learn more about it, so talk to your credit card issuer with any questions you have about implementation.

Overall reductions in conversion might be offset by savings in fewer chargeback disputes and a lower interchange rate. After you try it, see what effect it has—sometimes the best way to know if something is right for your business is to test it out for a short period and look at the data to see if it was successful.

Latest Posts

Leave a Reply

Your email address will not be published. Required fields are marked *