How Visa Secure Prevents True Fraud


Whenever fraud strikes, chargebacks are sure to follow, and there’s no way to fight a valid true fraud chargeback. Prevention is the only cure for disputes resulting from credit card theft, which means that merchants need to implement effective anti-fraud measures right up to the point of sale.

These can include third-party software solutions as well as resources offered by the credit card networks themselves, such as Visa Secure, which inserts an additional authentication layer based on 3-D Secure technology into the transaction process. What is Visa Secure, and how much protection does it really provide against fraud and chargebacks?

Fraud costs merchants around the world more than $20 billion in lost revenue every year.

When cardholders discover that their cards have been stolen and used without their permission, they are legally empowered to dispute the charge and push the liability for the fraud back onto the merchant.

Not only do merchants lose the goods sold and the transaction amount, but they also get hit with chargeback fees and the threat of losing their merchant account due to an excessive chargeback rate.

In addition to the obvious harm done to merchants, rampant fraud also hurts consumer confidence in the entire card payments system, so the card networks have a vested interest in providing merchants with tools and services to help them block fraudulent transaction attempts. Their important role in the payments process gives them unique access to data, insights, and leverage and allows them to develop very effective purpose-built tools like Visa Secure.

What Is Visa Secure?

Visa Secure is Visa’s implementation of the 3-D Secure 2.0 anti-fraud protocol. It stops fraud by making cardholders go through a second authentication step during checkout, separate from the authentication they completed by logging into the merchant’s site.

In some cases, this second authentication can be performed in the background using customer and transaction data and will not interrupt the checkout process at all. Otherwise, the cardholder will typically authenticate themselves by confirming a one-time code sent via SMS or email.

Multi-factor authentication is very effective at stopping the usual forms of credit card fraud. It’s easy for fraudsters to get their hands on stolen payment credentials, but the average fraudster almost never has access to the victim’s personal devices or email account. By requiring purchasers to verify their identities through these channels, merchants can put up a roadblock that many fraudsters won’t be able to get past.

An earlier version of this tool, based on the first iteration of 3-D Secure, was known as Verified by Visa and you can still see it in use. To use Verified by Visa, cardholders would have to sign up for the service and create a password, which they would then enter to confirm their identity when prompted during checkout. Visa Secure is designed to be more secure and less of a hassle for cardholders.

What Is 3-D Secure 2.0?

Developed by EMVCo, a consortium made up of large credit card networks, 3-D Secure is a security protocol based on the idea that the “three domains” involved in a credit card transaction—the acquirer, the issuer, and the infrastructure provided by the card network—can cooperate to identify and block fraud.

In essence, 3-D Secure is designed to check in with the issuer while a transaction is in progress so they can verify whether the cardholder is really their customer or not. Every major card network offers its own branded version of 3-D Secure.

The first version of 3-D Secure did this with a static password, which meant that the cardholder would have to create (and remember) one. This could create quite a bit of friction at checkout and was subject to password insecurity issues. The new version, 3-D Secure 2.0, aims to be frictionless whenever possible.

In some regions, merchants may be required by law to implement two-factor authentication. Often, implementing 3-D Secure will be the simplest and most cost-effective way to come into compliance with these regulations.

Are There Downsides to Visa Secure?

Visa Secure and other 3-D Secure implementations are good solutions for the problem of straightforward credit card fraud, where the fraudster creates their own login but uses somebody else’s credit card number, as well as account takeover fraud, where the fraudster hacks into somebody else’s account and tries to make a purchase with their stored payment credentials. In both cases, the fraudster’s lack of access to the victim’s devices or email will prevent them from completing the transactions.

The only real downside is that some of your legitimate customers might not like the extra authentication step when they are asked to confirm a one-time code, and even a little friction can prompt some customers to abandon their carts.

However, it’s important to note that 3-D Secure is only a defense against certain types of fraud. It does nothing at all to prevent friendly fraud, which makes up a significant percentage of chargebacks for many merchants. Used correctly, Visa Secure and similar solutions can help reduce your true fraud rates, but don’t let them lull you into a false sense of security. Keeping your overall chargeback rates low will still require active efforts in all of the areas not covered by 3-D Secure technology.


Strong chargeback management policies always take their cue from the story the data is telling. If an analysis of your chargeback data reveals that true fraud is occurring regularly, Visa Secure should immediately be on the table as a potential solution, but true fraud is never the whole story.

Chargeback analytics can also reveal procedural errors, issues with fulfillment, and of course a clearer picture of your exposure to friendly fraud, which can range from occasional to epidemic depending on the industry you’re in.

Unfortunately, the card networks haven’t released killer apps for every chargeback scenario. To eliminate merchant error, fight friendly fraud, and defend against sophisticated fraud attacks, you can’t rely on automated software solutions. It takes a comprehensive, customized, data-driven strategy to mount the kind of defense against chargebacks that will keep your rates low and maximize your revenue recovery.

Thanks for following the Chargeback Gurus blog.