Understanding 3D Secure 2.0 Technology

Table of Contents
- What is 3-D Secure 2.0?
- How did 3-D Secure 1.0 work?
- How does 3-D Secure 2.0 work?
- What are the benefits of using 3-D Secure 2.0?
- Can 3-D Secure 2.0 eliminate all my chargebacks?
- Should I use 3-D Secure 2.0?
- How long does it take to set up 3-D Secure?
- How do I activate 3-D Secure?
- Is 3-D Secure 2.0 mandatory?
- How much does 3-D Secure cost?
Preventing fraud is an important part of any eCommerce business. Not only does fraud drain revenue, but if a merchant's fraud prevention is lacking, they may be repeatedly targeted by fraudsters looking for an easy score.
Unfortunately, effective fraud prevention is a moving target. Every time merchants, banks, or card networks find a new way to prevent fraud, the fraudsters find a new way to commit it. That's why it's important for merchants to stay on the cutting edge of fraud prevention as much as possible. While there are a multitude of anti-fraud tools available, one of the most important ones for merchants to know about is 3-D Secure 2.0.
What is 3-D Secure 2.0?
Developed by Arcot Systems and Visa, this technology supports improved transmission security, and it has been adopted and implemented by all the major card networks under different names, including ProtectBuy and SafeKey.
The first version of 3-D Secure technology had some limitations. The most significant one was the system for confirming the customer's identity when the bank's fraud analysis showed that the transaction was potentially risky, which was clunky and caused increases in cart abandonment. The original version also only supported transmission of 15 types of transaction data, limiting the analysis that could be done.
3-D Secure 2.0 fixed these problems and added additional features, making it a much more attractive option for merchants, especially as more customers are using smartphones to make purchases.
How did 3-D Secure 1.0 work?
- Transactions were declined if the customer forgot the pin
- Customers were redirected to the card network websites from the merchant checkout page to approve the transaction, increasing the order approval time.
In a country where ease of use is always a key factor, 3-D Secure 1.0 was not a welcome addition, even though it was widely used and appreciated by European and Asian merchants. 3-D Secure 1.0 is still in use by merchants outside the US, who have seen a significant decline in their fraud rate
How does 3-D Secure 2.0 work?
3-D Secure 2.0 supports the transmission of more than 100 pieces of information to the issuing bank, allowing for more effective risk analysis.
The customer experience is streamlined, and the need for cardholders to remember static passwords is eliminated.
To enable 3-D Secure 2.0, A JavaScript code is inserted into the merchant’s checkout page. When the customer provides their billing, shipping, and credit card details, the information provided by the customer, along with their digital footprint such as IP address, machine address, etc., are sent to the cardholder's issuing bank to validate the transaction. If the transaction is approved, the customer sees a processing indicator for few seconds followed by a checkmark indicating approval.
If the issuing bank determines the transaction requires additional verification, the customer may be sent a text message with a one-time code to enter, or they may be asked to scan their face or fingerprint for biometric authentication. Either way, it's a process most customers are already familiar with due to websites using two-factor authentication, and there's no static PIN to remember.
What are the benefits of using 3-D Secure 2.0?
Because 3-D Secure contains so much information, it makes claiming fraud much harder for those trying to commit friendly fraud.
If a transaction verified by 3-D Secure is truly fraudulent, the issuing bank is responsible, not the merchant.
"Not authorized” reason codes are a major concern for most eCommerce merchants, and using 3-D Secure can reduce the number of these disputes merchants have to deal with.
Can 3-D Secure 2.0 eliminate all my chargebacks?
The issuing bank must be 3-D Secure enabled to verify transactions. If the cardholder’s issuing bank is not 3-D Secure enabled, the transactions will return a "non-verified" response. Merchants aren't protected from liability in these cases.
Should I use 3-D Secure 2.0?
Here are some of the industries that typically benefit most from 3D Secure 2.0 technology:
- Health & beauty
- Insurance
- Electronics
- Gaming
- Digital goods
- Digital subscriptions
- Luxury goods
- Digital services
How long does it take to set up 3-D Secure?
JavaScript code will be provided to you that needs to be inserted on your checkout page to activate 3-D Secure. This does not require an experienced developer. An entry-level developer can usually complete this part of the integration in a matter of hours.
FAQ
How do I activate 3-D Secure?
Is 3-D Secure 2.0 mandatory?
How much does 3-D Secure cost?
Thanks for following the Chargeback Gurus blog. Feel free to submit topic suggestions, questions or requests for advice to: win@chargebackgurus.com