Using the most basic explanation, 3D Secure 2.0 (short for three domain secure) is an online security protocol created by the card networks to improve the level of security for card-not-present (CNP) transactions. In this article we explain what 3D Secure is and how it can help you provide a more secure online shopping experience for your customers.

Editor’s 2021 Note: 3D Secure Authentication has been an innovation in the payments space, commencing over two decades with 3D Secure 1.0, now updated with a new, mobile friendly version in 3D Secure 2.0. Both Visa and Mastercard have announced they will discontinue support for 3D Secure 1.0 and all related technology by October 2022 to drive market adoption of 2.0. Find out more about Eway’s 3D Secure 2.0 here.

What is 3D Secure 2.0?

3D Secure 2.0 (3DS2) is the latest version of 3D Secure 1.0. Just like many updates in the technology world — 3DS2 has been developed to address the drawbacks of the previous version (3D Secure 1.0).

3DS2 was developed by EMVCo — an entity jointly owned by major global banks such as American Express, Visa, Mastercard and others — to take into account current and future market requirements in the payments industry. This includes new payment channels (such as digital wallets) and supporting app-based authentication along with traditional browser-based online transactions.

How does 3D Secure Authentication work?

Behind-the-scenes, 3D Secure 2.0 combines data from the merchant, issuing bank, and card scheme to determine the risk of each transaction. Depending on the risk score, transactions can be approved, challenged or declined.

The ‘three domain’ refers to the three parties involved in processing a secure payment:

  • The issuer domain (the bank which issued the card) where transactions are authorised
  • The acquirer domain (the merchant and the bank which gets the money) where 3D Secure transactions begin
  • The interoperability domain (the service provided by the credit card company — Visa, Mastercard, American Express etc.) that provides the infrastructure to securely switch transactions between issuers and acquirers

The first version — 3D Secure 1.0 — of this protocol was first rolled out in 1999 to prevent unauthorised use of credit cards in online purchases.

It goes by many names — but they all reference the same set of protocols: 3D Secure 3DS2, Verified by VISA (VBV), Mastercard SecureCode, American Express SafeKey (2.0), 3DS, 3DS 1.0, 3DS 2.0, EMV 3-D Secure,, and Mastercard Identity Check.

What is different though, are the updates made to the recent rollout of 3D Secure 2.0.

Why is it necessary to have 3D Secure Authentication?

COVID-19 changed many aspects of how we live, work, and consume. Visa’s 2020 Back to Business study found that 78% of global consumers changed payment methods to reduce contact. In response, 67% of small businesses adopted new payment technologies. Added to this, consumers are far more comfortable using their mobile devices to validate their transactions.

These changes to payment behaviours, coupled with 57% year-on-year growth in online purchases, has made it appealing to fraudsters to find ways to exploit a payment environment where the percentage of card-not-present transactions is increasing.

In such an online environment, 3D Secure 2.0 helps merchants and payment companies swiftly exchange the relevant information between the parties involved in the transaction. This fast and secure protocol enabled by 3D Secure 2.0 provides a higher certainty that the transaction is authentic in the first place, which ultimately limits fraudulent activity occurring in the first place.

But that’s not all.

What is great about 3D Secure 2.0?

Firstly,  3D Secure 1.0 was never designed with mobile devices in mind, and a lot of merchants were reluctant to implement 3D Secure 1.0 because of the impact it could have on the customer experience.

Unlike its predecessor, 3D Secure 2.0 provides a frictionless checkout experience that is compatible with mobile devices and without compromising on the security of the transaction.

What does this look like? 

While your customer is in the process of an online transaction, 3D Secure 2.0 analyses a number of data points about the cardholder and device to calculate a risk score.

If a transaction is deemed high risk for fraud, the cardholder will be prompted to verify their identity by completing an additional authentication request, such as  a one-time-passcode (OTP), biometrics ID or knowledge based questions. If the transaction is deemed low risk, the cardholder will not see this step and finalise their purchase as normal.

As a result of this exchange of information, as a merchant you’re able to shift the financial liability from your business to the customer’s bank (card issuer) for fraudulent transactions, reducing your chargebacks.

Enable 3D Secure 2.0 with Eway 

We understand the money lost from chargebacks can amount to thousands of dollars every year — money you’d much rather spend on growing your business.

With Eway 3D Secure 2.0, you can prevent up to 50% of your fraud chargebacks while streamlining your checkout experience.
Get in touch with our team today if you want to learn more about providing a safe and secure checkout experience for your customers.

curve
Useful Resources

Useful Resources

All the resources you need in one place

Knowledge Base

Knowledge Base

Read our detailed implementation articles.

Contact us

Contact us

Our sales and support teams are here for you.