3-D Secure, otherwise known as 3DS, helps prevent online fraud with card-not-present transactions via frictionless authentication.
When enabled, a cardholder is required to authenticate their identity before the transaction can be completed.
Fraud Prevention Guide: 3-D Secure (3DS)
3-D Secure (3DS) authentication shifts fraud-related chargeback liability to the card-issuing bank, providing added protection for merchants. If the issuing bank flags a transaction as risky, a challenge flow is triggered to verify the cardholder’s identity. According to card brands, approximately 95% of 3D Secure transactions are completed frictionlessly.
What is 3-D Secure?
What are the three domains involved in 3DS?
The three domains of 3-D Secure (3DS) represent the key stakeholders in the authentication process for online card payments, which enhance security and minimize fraud in digital transactions.
- Issuer Domain: The cardholder’s bank or financial institution responsible for verifying the cardholder’s identity during the transaction.
- Acquirer Domain: The merchant’s bank or payment processor facilitating the transaction on behalf of the merchant.
- Interoperability Domain: The infrastructure that connects the issuer and acquirer, typically managed by the card networks to enable secure communication and authentication.
- The cardholder enters their card information to complete payment.
- If the card-issuing bank deems the transaction is low-risk, they approve the transaction.
- If the card-issuing banks deems the transaction high-risk, they may request additional verification. Verification methods vary by bank but are user-friendly for genuine cardholders.
- Once the cardholder is authenticated the bank approves the transaction.
What are common authentication methods?
- The cardholder may need to enter a passcode that the bank sends to their designated email address or phone number.
- The cardholder may need to provide answers to questions that only the real cardholder knows.
- The cardholder might need to use a biometric authentication method (fingerprint, voice, face recognition).
Is 3DS mandated for merchants?
Below is a list of countries that require or strongly encourage the use of 3DS due to local regulations, particularly as part of Strong Customer Authentication (SCA) under the European Union’s Payment Services Directive 2 (PSD2) and other regional mandates:
European Economic Area (EEA) Countries (PSD2 Compliance)
1. Austria
2. Belgium
3. Bulgaria
4. Croatia
5. Cyprus
6. Czech Republic
7. Denmark
8. Estonia
9. Finland
10. France
11. Germany
12. Greece
13. Hungary
14. Iceland
15. Ireland
16. Italy
17. Latvia
18. Liechtenstein
19. Lithuania
20. Luxembourg
21. Malta
22. Netherlands
23. Norway
24. Poland
25. Portugal
26. Romania
27. Slovakia
28. Slovenia
29. Spain
30. Sweden
United Kingdom
The UK enforces 3DS under its own version of SCA following its departure from the EU.
United States
The United States does not currently require 3DS but encourages its use as a fraud prevention tool, especially for high-risk industries.
Asia-Pacific
1. India (Mandatory for domestic online transactions)
2. Singapore (Encouraged for risk-based authentication)
3. Malaysia (Mandated for certain banks)
4. Australia (Not mandatory but widely adopted)
Middle East
1. United Arab Emirates (Encouraged for fraud prevention)
2. Saudi Arabia (Mandated for specific payment processors)
South America
1. Brazil (Encouraged to prevent fraud but not mandated)
Regulations and enforcement may vary by bank or payment processor within countries. Even in regions where 3DS is not mandatory, cardholders may still encounter 3DS authentication due to fraud prevention measures implemented by their issuing bank.
How is 3DS currently available?
EMV 3-D Secure helps payment card issuers and merchants around the world prevent card-not-present (CNP) fraud and increase the security of e-commerce payments. 3DS is often recognized with branding of Visa (Verified by Visa), Mastercard (Secure Code), and American Express (SafeKey), Discover (ProtectBuy).
See how it works directly from Stripe, Sertifi's payment processing partner.
What are the benefits of 3-D Secure?
3DS is a critical fraud prevention tool that helps verify cardholder identity during online payments, significantly reducing the risk of unauthorized transactions. Beyond added security, 3DS offers a liability shift for fraud-related chargebacks, protecting your business from financial losses.
Reduce Fraud and Save Thousands
Implementing customer authentication like 3DS not only reduces fraud risk but also safeguards against revenue loss due to fraud-related chargebacks.
Shift Payment Liability from Your Business to Card Issuers
3DS shifts chargeback liability from the merchant back to the card issuer. If the cardholder disputes a transaction for fraudulent reasons, the issuer is liable for the funds instead of you.
This is a valuable tradeoff for implementing payment authentication. Chargebacks result in lost revenue and time, so fewer chargebacks means spending more time closing business and taking better care of your customers. Plus, you’ll avoid potential chargeback fees and penalties as serious as losing your merchant ID.
As e-commerce activity inevitably increases, it’s important to implement the strongest security measures possible, including authentication measures like 3DS, so your customers find you reliable and trustworthy. Implementing a payment authentication step shows that you care about protecting your customers and their information.
Global merchants must meet the EU’s requirement for SCA (Strong Customer Authentication) and implement it across all regions where they do business.
How do I get started with 3-D Secure?
Here at Sertifi, we make it easy for you to accept online credit card transactions securely and frictionlessly and take advantage of fraud prevention methods like 3DS. Please get in touch with our team to learn more and get started.
Get paid faster with Sertifi's hotel payment solutions.
Simplify selling by electronically capturing payments and agreement e-signatures from one secure platform. Behind the scenes, SertifiPay processes payments in a fast, PCI-compliant manner at a lower cost to you. Our customers have saved up to $175k a year in processing fees.
“Sertifi allows our sales and catering group to collect signed contracts 96% faster and capture payments within one day. I always have previous employees reaching out to me because they want to add Sertifi.”
TRACY DUPLECHAIN, DIRECTOR OF SALES, AC HOTEL NEW ORLEANS BOURBON / FRENCH QUARTER AREA