What is 3-D Secure? 

    3-D Secure is an XML-based protocol created to prevent fraudulent card use. It is an additional verification step required to proceed with an online payment. With 3-D Secure, a cardholder is required to provide additional verification, such as a code generated via a key generator or sent to the cardholder's phone, the password associated with the card, etc.

    To simplify, it is an online OTP (one-time password) that only the cardholder can know or have access to. Hence, the cardholder's funds will be protected if the card details are compromised or the card is stolen.


When is 3D Secure required? 

    Under PSD2, 3D Secure and Strong Customer Authentication (SCA) are required on all cardholder-initiated transactions when both the card issuer and acquirer are within the EEA.

    If one of the two parties is outside the EEA, SCA is not required. This type of transaction where either the merchant or buyer is outside the EEA is called a 'one leg out' transaction.

What protection does 3DS offer? 

    Merchants are not responsible for fraudulent purchases carried out with 3-D Secure. As long as you manage to authenticate your customer using SCA, or attempt to authenticate but the card is not enrolled in the program, liability for fraudulent activity shifts to the card issuer (liability shift).

What is 3-D Secure 2.0? 

    3-D Secure 2.0 is a new authentication protocol for online transactions that addresses the weak points of the original 3-D Secure. 3DS2 allows two payment flows:

  • Challenge flow requires additional verification from a cardholder, such as biometrics or a code.
  • Frictionless flow allows a card issuer to approve a payment without the need to interact with the cardholder. A cardholder is not required to go through 3DS authorisation here. Consequently, a higher conversion rate is achieved.