Hospitality Guide: 3-D Secure (3DS)

3-D Secure, otherwise known as 3DS, helps prevent online fraud with card-not-present transactions. As an extra security protocol, it provides protection for both the cardholder and the merchant.

3DS adds a layer of protection to a payment transaction by requiring cardholders to authenticate their identity before the transaction can be completed.

1. The cardholder enters their credit or debit card information into a website form.
2. The system checks if the card is enrolled in 3DS.
3. If enrolled, the cardholder is redirected to a 3DS webpage supplied by their card issuer.
4. From the webpage, the cardholder enters a unique password or temporary code. The code will be sent to their designated email address or phone number, so only the person who has access to the account or device can access the code.
5. If the cardholder successfully authenticates their identity, they’re redirected back to the website to complete their transaction.

"3D" stands for the three parties involved:

1. The merchant’s bank account that accepts card payments.
2. The issuer of the card used in the online transaction.
3. The interoperability system that connects them.

3DS is already required in Europe thanks to the Strong Customer Authentication (SCA) regulatory requirement. SCA requires merchants to build an authentication method into their payment flow, and 3DS is the easy answer.

3DS is not currently mandated for U.S. merchants, resulting in low adoption and missed benefits.

With increased security authentication, it’s harder to commit fraud online, better protecting you from credit card fraud. This ultimately protects your revenue and spending unnecessary costs on chargebacks.

For example, one of our customers reported a $137,859.86 savings in chargebacks YoY (February 2022 to February 2023) after enabling 3DS for all card-not-present transactions.

3DS shifts payment liability from the merchant back to the card issuer – meaning merchants are not liable for fraud-based disputes/chargebacks. If the cardholder disputes for fraud reasons, the Issuer is liable for the funds.

This is a valuable tradeoff for implementing payment authentication. Chargebacks result in lost revenue and lost time, so fewer chargebacks means spending more time closing business and taking better care of your customers. Plus, you’ll avoid potential chargeback fees.

Implementing a payment authentication step shows that you care about protecting your customers and their information. As e-commerce activity inevitably increases, it’s important to implement the strongest security measures possible, including authentication measures like 3DS, so your customers find you reliable and trustworthy.

Most cardholders are automatically enrolled for 3DS by their card issuer, so taking advantage of 3DS is easy for merchants.

Contact your payment processor to enable 3DS and get started.