3-D Secure, otherwise known as 3DS, helps prevent online fraud with card-not-present transactions via frictionless authentication.
When enabled, a cardholder is required to authenticate their identity before the transaction can be completed.
3-D Secure (3DS) authentication shifts fraud-related chargeback liability to the card-issuing bank, providing added protection for merchants. If the issuing bank flags a transaction as risky, a challenge flow is triggered to verify the cardholder’s identity. According to card brands, approximately 95% of 3D Secure transactions are completed frictionlessly.
3-D Secure, otherwise known as 3DS, helps prevent online fraud with card-not-present transactions via frictionless authentication.
When enabled, a cardholder is required to authenticate their identity before the transaction can be completed.
What are the three domains involved in 3DS?
The three domains of 3-D Secure (3DS) represent the key stakeholders in the authentication process for online card payments, which enhance security and minimize fraud in digital transactions.
What are common authentication methods?
Is 3DS mandated for merchants?
Below is a list of countries that require or strongly encourage the use of 3DS due to local regulations, particularly as part of Strong Customer Authentication (SCA) under the European Union’s Payment Services Directive 2 (PSD2) and other regional mandates:
European Economic Area (EEA) Countries (PSD2 Compliance)
1. Austria
2. Belgium
3. Bulgaria
4. Croatia
5. Cyprus
6. Czech Republic
7. Denmark
8. Estonia
9. Finland
10. France
11. Germany
12. Greece
13. Hungary
14. Iceland
15. Ireland
16. Italy
17. Latvia
18. Liechtenstein
19. Lithuania
20. Luxembourg
21. Malta
22. Netherlands
23. Norway
24. Poland
25. Portugal
26. Romania
27. Slovakia
28. Slovenia
29. Spain
30. Sweden
United Kingdom
The UK enforces 3DS under its own version of SCA following its departure from the EU.
United States
The United States does not currently require 3DS but encourages its use as a fraud prevention tool, especially for high-risk industries.
Asia-Pacific
1. India (Mandatory for domestic online transactions)
2. Singapore (Encouraged for risk-based authentication)
3. Malaysia (Mandated for certain banks)
4. Australia (Not mandatory but widely adopted)
Middle East
1. United Arab Emirates (Encouraged for fraud prevention)
2. Saudi Arabia (Mandated for specific payment processors)
South America
1. Brazil (Encouraged to prevent fraud but not mandated)
Regulations and enforcement may vary by bank or payment processor within countries. Even in regions where 3DS is not mandatory, cardholders may still encounter 3DS authentication due to fraud prevention measures implemented by their issuing bank.
How is 3DS currently available?
EMV 3-D Secure helps payment card issuers and merchants around the world prevent card-not-present (CNP) fraud and increase the security of e-commerce payments. 3DS is often recognized with branding of Visa (Verified by Visa), Mastercard (Secure Code), and American Express (SafeKey), Discover (ProtectBuy).
3DS is a critical fraud prevention tool that helps verify cardholder identity during online payments, significantly reducing the risk of unauthorized transactions. Beyond added security, 3DS offers a liability shift for fraud-related chargebacks, protecting your business from financial losses.
Reduce Fraud and Save Thousands
Implementing customer authentication like 3DS not only reduces fraud risk but also safeguards against revenue loss due to fraud-related chargebacks.
Shift Payment Liability from Your Business to Card Issuers
3DS shifts chargeback liability from the merchant back to the card issuer. If the cardholder disputes a transaction for fraudulent reasons, the issuer is liable for the funds instead of you.
This is a valuable tradeoff for implementing payment authentication. Chargebacks result in lost revenue and time, so fewer chargebacks means spending more time closing business and taking better care of your customers. Plus, you’ll avoid potential chargeback fees and penalties as serious as losing your merchant ID.
As e-commerce activity inevitably increases, it’s important to implement the strongest security measures possible, including authentication measures like 3DS, so your customers find you reliable and trustworthy. Implementing a payment authentication step shows that you care about protecting your customers and their information.
Global merchants must meet the EU’s requirement for SCA (Strong Customer Authentication) and implement it across all regions where they do business.
Here at Sertifi, we make it easy for you to accept online credit card transactions securely and frictionlessly and take advantage of fraud prevention methods like 3DS. Please get in touch with our team to learn more and get started.
Simplify selling by electronically capturing payments and agreement e-signatures from one secure platform. Behind the scenes, SertifiPay processes payments in a fast, PCI-compliant manner at a lower cost to you. Our customers have saved up to $175k a year in processing fees.