Understanding 3D Secure 2.0 Technology

Table of Contents

  1. What is 3-D Secure 2.0?
  2. How did 3-D Secure 1.0 work?
  3. How does 3-D Secure 2.0 work?
  4. What are the benefits of using 3-D Secure 2.0?
  5. Can 3-D Secure 2.0 eliminate all my chargebacks?
  6. Should I use 3-D Secure 2.0?
  7. How long does it take to set up 3-D Secure?
  8. How do I activate 3-D Secure?
  9. Is 3-D Secure 2.0 mandatory?
  10. How much does 3-D Secure cost?

Preventing fraud is an important part of any eCommerce business. Not only does fraud drain revenue, but if a merchant's fraud prevention is lacking, they may be repeatedly targeted by fraudsters looking for an easy score.

Unfortunately, effective fraud prevention is a moving target. Every time merchants, banks, or card networks find a new way to prevent fraud, the fraudsters find a new way to commit it. That's why it's important for merchants to stay on the cutting edge of fraud prevention as much as possible. While there are a multitude of anti-fraud tools available, one of the most important ones for merchants to know about is 3-D Secure 2.0.

What is 3-D Secure 2.0?

3-D Secure 2.0 is a protocol that allows merchants to securely transmit detailed transaction information to issuing banks, allowing the merchant to take advantage of the bank's more advanced fraud analysis tools.

Developed by Arcot Systems and Visa, this technology supports improved transmission security, and it has been adopted and implemented by all the major card networks under different names, including ProtectBuy and SafeKey.

The first version of 3-D Secure technology had some limitations. The most significant one was the system for confirming the customer's identity when the bank's fraud analysis showed that the transaction was potentially risky, which was clunky and caused increases in cart abandonment. The original version also only supported transmission of 15 types of transaction data, limiting the analysis that could be done.

3-D Secure 2.0 fixed these problems and added additional features, making it a much more attractive option for merchants, especially as more customers are using smartphones to make purchases.

How did 3-D Secure 1.0 work?

In the original version, customers had to opt into the program with their issuing bank, and a PIN was assigned to the customer to use the card online in a secure manner. This created two major issues for eCommerce merchants:

  1. Transactions were declined if the customer forgot the pin
  2. Customers were redirected to the card network websites from the merchant checkout page to approve the transaction, increasing the order approval time.

In a country where ease of use is always a key factor, 3-D Secure 1.0 was not a welcome addition, even though it was widely used and appreciated by European and Asian merchants. 3-D Secure 1.0 is still in use by merchants outside the US, who have seen a significant decline in their fraud rate

How does 3-D Secure 2.0 work?

Frictionless 3D Secure 2.0 allows merchants to verify a transaction with the cardholder’s issuing bank in real time, using two-factor authentication to confirm the customer's identity when necessary.

3-D Secure 2.0 supports the transmission of more than 100 pieces of information to the issuing bank, allowing for more effective risk analysis.

The customer experience is streamlined, and the need for cardholders to remember static passwords is eliminated.

To enable 3-D Secure 2.0, A JavaScript code is inserted into the merchant’s checkout page. When the customer provides their billing, shipping, and credit card details, the information provided by the customer, along with their digital footprint such as IP address, machine address, etc., are sent to the cardholder's issuing bank to validate the transaction. If the transaction is approved, the customer sees a processing indicator for few seconds followed by a checkmark indicating approval.

If the issuing bank determines the transaction requires additional verification, the customer may be sent a text message with a one-time code to enter, or they may be asked to scan their face or fingerprint for biometric authentication. Either way, it's a process most customers are already familiar with due to websites using two-factor authentication, and there's no static PIN to remember.

3D Secure Explanation

What are the benefits of using 3-D Secure 2.0?

3-D Secure technology can prevent certain true fraud chargebacks and shields the merchant from liability if a customer is falsely authenticated.

Because 3-D Secure contains so much information, it makes claiming fraud much harder for those trying to commit friendly fraud.

If a transaction verified by 3-D Secure is truly fraudulent, the issuing bank is responsible, not the merchant.

"Not authorized” reason codes are a major concern for most eCommerce merchants, and using 3-D Secure can reduce the number of these disputes merchants have to deal with.

Can 3-D Secure 2.0 eliminate all my chargebacks?

No. "Not authorized" reason codes are the only chargebacks 3-D Secure can provide protection from. Customers can still file disputes related to customer service issues or merchant error.

The issuing bank must be 3-D Secure enabled to verify transactions. If the cardholder’s issuing bank is not 3-D Secure enabled, the transactions will return a "non-verified" response. Merchants aren't protected from liability in these cases.

Should I use 3-D Secure 2.0?

While all merchants can benefit from using 3-D Secure, those at a greater risk for fraud and those who receive a high number of chargebacks with a "not authorized" reason code will see the best return on investment.

Here are some of the industries that typically benefit most from 3D Secure 2.0 technology:

  • Health & beauty
  • Insurance
  • Electronics
  • Gaming
  • Digital goods
  • Digital subscriptions
  • Luxury goods
  • Digital services

How long does it take to set up 3-D Secure?

The integration and setup process can take anywhere from 2 – 5 business days, depending on the service provider.

JavaScript code will be provided to you that needs to be inserted on your checkout page to activate 3-D Secure. This does not require an experienced developer. An entry-level developer can usually complete this part of the integration in a matter of hours.


How do I activate 3-D Secure?

You will want to contact your acquiring bank and a Visa representative to get started registering with 3-D Secure 2.0.

Is 3-D Secure 2.0 mandatory?

No. Many card networks require some level of 3-D Secure 2.0 compliance but offer exclusion based on shopping experiences and transaction type.

How much does 3-D Secure cost?

Depends on the provider and transaction volume. 3-D Secure 2.0 can cost anywhere between $.10 and $.30 per transaction.

Thanks for following the Chargeback Gurus blog. Feel free to submit topic suggestions, questions or requests for advice to: win@chargebackgurus.com

Ready to Start Reducing Chargebacks?