3D Secure (3DS)
3DSecure2 (3DS2)
3D Secure (3DS) and 3DSecure2 (3DS2) are authentication protocols designed to enhance the security of online card transactions and reduce the risk of fraud. There are different versions of 3D Secure, each with its own set of features and security mechanisms.
-
Knowledge
-
Compliance
- 3D Secure
The main versions of 3D Secure are:
3D Secure 1.0: The initial version of 3D Secure, also known as 3DS1, was introduced in the early 2000s. It added an additional security layer to online transactions by redirecting cardholders to their card issuer's website, where they were prompted to enter a password or provide other authentication credentials to verify their identity. The card issuer then communicated the authentication status back to the merchant. 3DS1 used static passwords, which were often difficult to remember and resulted in poor user experience.
3D Secure 2.0: The latest version of 3D Secure, known as 3DS2, was introduced to address the limitations of 3DS1 and improve the authentication.
3DSecure is typically an optional feature for merchants and cardholders, but some regions or card networks may make it mandatory for certain transactions or card types. Merchants need to integrate the 3DSecure functionality into their payment processing systems, and cardholders may need to register their cards for the 3DSecure service with their issuing banks.
3DSecure has evolved over time, and various versions have been introduced, such as 3DSecure 1.0, 3DSecure 2.0, and subsequent updates, each offering enhanced security and improved user experience. These versions aim to strike a balance between security and convenience, ensuring a smoother and more secure online shopping experience for cardholders while reducing the risk of fraud.
The key aspects of 3DSecure:
Authentication process: When a cardholder initiates an online transaction at a participating merchant, the 3DSecure protocol kicks in. Instead of a simple card number and CVV code verification, the cardholder is prompted to provide additional information for authentication. This additional information may include a one-time password (OTP) sent to the cardholder's registered mobile phone or a fingerprint/face scan on supported devices.
Two-Factor Authentication: 3DSecure typically employs a two-factor authentication mechanism. The first factor is something the cardholder knows, such as a password or PIN associated with the card. The second factor is something the cardholder possesses, like their mobile device or biometric data. The combination of these factors adds an extra layer of security, making it more difficult for unauthorized individuals to use the card for online transactions.
Card issuer involvement: The 3DSecure authentication process involves the cardholder's issuing bank or card issuer. The issuer verifies the cardholder's identity and approves or declines the transaction based on the authentication results. The card issuer may use various risk-based factors, such as transaction history, device information, and the authentication response, to make an informed decision.
Improved fraud protection: 3DSecure helps protect both cardholders and merchants from fraudulent transactions. By requiring additional authentication, it becomes more challenging for fraudsters to make unauthorized use of stolen card details. The authentication process adds an extra layer of verification, reducing the risk of chargebacks and potential losses for merchants.
Liability shift: When a transaction is authenticated through 3DSecure, liability for certain types of fraudulent activity may shift from the merchant to the card issuer or payment network. If a fraudulent transaction occurs despite successful authentication, the issuer or network may bear the liability instead of the merchant, providing added protection for merchants.
For more information see 3dsecure2.com
