What is 3-D Secure Authentication?

Nothing is as important in payment software as security. It is the cornerstone of any technology in one way or another related to users’ finances. And in the first place in security of this type of software is always payment authentication. Simple authentication may seem convenient and attractive, but it carries huge cybersecurity risks.

At the same time, even understanding the importance of the authentication process, users often perceive it as one big inconvenience. Too complicated procedures can drive customers away from a product or service. Earlier payment service providers had to find a balance between security and convenience, but now all these issues are solved by the 3DS payment verification. This mechanism has worked so well that it has even become mandatory in a number of countries and most new services are designed with it in mind. Let’s take a closer look at 3DS verification. In this article, we will find out what 3-D Secure authentication is, its meaning and main benefits, how it works, and why every modern payment solution should be equipped with this security mechanism.

3-D Secure verification: Definition

3-D Secure is an additional identity authentication for online payments. It allows the bank and the merchant to verify that the payment is initiated by the person to whom the bank card is registered.

This security protocol was developed and implemented in 1999. Its developer was the Visa payment system (Verified by Visa), and later this technology was adopted by Mastercard (Mastercard Secure Code).

The first version of 3DS authentication was created initially to increase cardholder confidence in online payments. This, along with the growing availability of the Internet and the speed of connection, directly influenced the rapid evolution of e-commerce.

The goal was obvious: to prevent fraudulent use of bank cards. This required technology to control the authenticity of cardholders in CNP transactions, which are performed without the physical presence of the card. Internet payments are an obvious example of such transactions.

What is 3DS 2.0?

The 3DS protection mechanism has been on the market for quite some time and has a number of drawbacks in addition to its benefits. The developers of the protocol are aware of this, and therefore to eliminate the most common disadvantages have perfected the protocol and introduced 3DS 2.0.

3DS 2.0 is the new generation of the protocol and compared to the previous version has a number of improvements:

Support for more devices with special SDKs. If previously users of mobile devices had to go to a separate page for verification, now it can be done seamlessly.

More ways of verification. The second version of the protocol added the possibility of verification with biometrics and tokens.

More data. The amount of data that can be transferred through the protocol has been increased several times.

3-D Secure payment verification: How does it work?

3-D Secure verification technology creates additional conditions for secure online payments for products and services. The essence of its work is encrypted in the name that means Three-Domain Security. These domains are:

• Issuer;
• Acquirer;
• The payment system.

The 3DS payment process goes as follows:

1. The merchant initiates a 3-D Secure authentication request to the payment processor.
2. The payment processor sends an authentication request to the customer’s credit card issuer.
3. The customer card issuer sends a real-time response with a status indicating whether the transaction should be allowed.
4. If the transaction looks suspicious or any other unforeseen issues are detected, additional verification takes place.

This makes it possible to identify users making the payments and at the same time inform them about the transaction. Simplified, it looks like this: during the payment process, the cardholder sees a pop-up window that asks for a password to identify the user. One of the options for obtaining a password through 3DS validation is to send it in an SMS message to the payer’s mobile number. Without entering the password, the transaction will not be completed. Alternatively, biometric verification can be used, if the cardholder’s device allows it.

That is, if suddenly a certain person tries to use someone else’s card to pay, with 3-D Security validation it will be the cardholder who receives the confirmation code. This way, the cardholder will understand that someone wants to make a payment, will not allow it, and will take the necessary measures (e.g., block the card).

Rules of international payment systems Visa and Mastercard oblige banks to make three-domain protection technology available for clients. All modern bank cards created for online payments use this type of authentication.

Frictionless checkout

The method described above is the so-called Challenge verification. It implies a two-factor verification of the transaction. However, if the user has disabled the two-factor verification, then Frictionless verification can be used. In this case, the cardholder doesn’t need to enter any codes from SMS to make a purchase, and the background information is used to confirm the transaction. This method reduces the level of protection, but is more convenient for the user and is more suitable if the user makes a payment on a trusted resource.

Key advantages of 3DS verification

The advantages of the technology for business are obvious: by requesting additional data from the payer, it provides protection from fraud and ensures that only verified customers pay with a card. Additional benefits are:

Security guarantee. The transaction is confirmed with a password, which is only available to the cardholder and is valid for a limited time. In addition, it is intended for one specific transaction, and up to 3 attempts are given to enter it.

Convenience. Limits for online payments by cards connected to this technology are high by default. This saves users time and effort in contacting the support service of the issuing banks to ask for higher limits.

Liability shift. The 3-D Secure system also provides a liability shift. This is the principle whereby liability for a fraudulent transaction is transferred from the merchant to the cardholder. If a payment is made without 3DS authorization, the merchant is responsible for the transaction and the cardholder can dispute the fraudulent payment.

Processing fees are lower. Card issuers encourage the use of 3DS verification, and therefore often set lower processing fees if the technology is used. Thus, the use of 3DS becomes profitable for business and its ubiquity only grows.

How does Boxopay protect payments with 3-D Secure verification?

Boxopay is a high-tech solution for acquirers and PSPs, equipped with all the necessary mechanisms to ensure the best user experience. Security is of particular importance in our solution, hence Boxopay payment gateway has advanced transaction verification and anti-fraud systems including 3-D Secure authorization.

By using Boxopay Payment Gateway, acquirers and merchants can be sure that everything will work without a single malfunction because we have taken care of the perfect balance of convenience and security. Boxopay payment gateway is designed to enable and disable the 3DS protocol as this approach maximizes conversion rates and keeps decline rates low.

Our payment gateway is equipped with an AI-based anti-fraud system. It automatically detects suspicious transactions and requires 3DS 2.0 verification for them. If the transaction is alright, the payment will be executed without any inconvenience. Contact us now and get your white-label payment gateway equipped with the latest technology. Moreover, in addition to end-to-end back-offices and bank payment gateway API, we can also help you in obtaining an EMI license.

FAQ

What is 3-D Secure verification?

3-Domain Secure (3DS) is an online payment protection protocol. It allows users to authorize cardless transactions when they make payments online. This mechanism allows users to confirm that it was the cardholder who made the transaction and not someone else. In some countries (EU) it is mandatory, while in others (United States) it isn’t.

How does 3-D Secure authentication work?

The very definition of the 3DS system implies that the 3 domains (acquirer, payment system, and issuer) exchange information which allows for user authentication. After the cardholder enters all the necessary information such as card number and CVC2 the protocol redirects users to the 3DS verification page where they have to enter a confirmation code, usually sent by SMS. Alternatively, the protocol may not use two-factor verification, limiting it to background information.

What are the benefits of using 3-D Secure authentication?

3DS Secure verification is extremely convenient for users and payment service providers. The protocol allows no third-party services to be used for verification, making the user experience virtually seamless. Moreover, the 3-D Secure protocol provides several different verification methods, for example biometric, which is ideal for mobile devices.