What Are the Benefits of Integrating 3D Secure (3DS)?
When the internet was first starting to become a vector for commerce rather than just information, people quickly recognized the need to be able to handle payments remotely and digitally. It also very quickly became obvious that there would be a need for an authentication protocol to validate transactions using credit cards, to prevent fraud and abuse.
Many different tools have been developed to cut back on fraudulent transactions. When a store requests your address to ensure it matches with the address on file with your credit card, that’s a level of validation. When the checkout process asks for the three-digit number on the back of your card, that’s also validation.
One form of validation introduced all the way back in 1999 was the 3D Secure protocol. This protocol was originally developed by Visa under the name Verified by Visa, and it has carried that name forward, though the actual protocol has changed a lot since. Today, it’s also used by Mastercard under the name Mastercard SecureCode. Other validation systems like Visa Secure, Mastercard Identity Check, and American Express SafeKey are all also variations on the same protocol.
What is this protocol, how does it work as a customer and as a merchant, what do you need to know about it, and should you use it? Let’s run through everything you need to know.
What is 3D Secure? How Does it Work?
3D Secure stands for Three Domain Secure, with the original three domains being:
- The Acquirer, which is the bank and merchant being paid in the transaction.
- The Issuer, which is the credit card company that issued the card.
- The Interoperability, which is the infrastructure that connects it all, and can range from a merchant’s plug-in in their store, to an access control server, and more.
In the past, the verification data might be a unique password or PIN tied to the credit card. This original version was an added layer of friction, however, and many customers chose to abandon their carts rather than try to remember a password they rarely use, or provide more information than they’re used to providing.
In response, EMVCo, the consortium of payment processors originally started with Europay/Mastercard/Visa, has created a more modernized version of the standard. Introduced in 2016, 3DS2 (3D Secure Version 2) is now in common use worldwide.
Today, the verification information requested by the protocol is often a one-time use code like an MFA code. If you’ve ever made a purchase online and been prompted for a six-digit number that is texted to you or provided via an authentication app, that’s a form of 3D Secure in action. Similarly, if you buy something using a mobile device and the device asks you to validate your fingerprint, same deal.
3D Secure 2 also improves the process in other ways.
- It’s designed with mobile commerce in mind, and is much easier and more effective to use on mobile devices than the previous version of the protocol.
- It uses many more data points to pre-screen transactions and assess them for their risk, and can more easily validate low-risk transactions without the need for additional validation.
- It created a frictionless version of the process where low-risk transactions can be validated without any engagement from the cardholder, making the validation silent unless there’s a problem.
The overall process of digital transactions today typically uses 3D Secure as a base. When a customer initiates a transaction and inputs their credit card information, the business’s payment processing system sends an authentication request to the acquirer. Whether or not this triggers a need for additional anti-fraud authentication, or if it can be validated as-is, is determined by the business and its anti-fraud measures.
If the need for additional authentication is there, the acquirer further forwards the authentication request to the issuer, who requests validation information from the customer. This is often through a window in the checkout process, or a pop-up window.
When the information is received, it’s either validated or denied. Or, if the information can’t be provided, it becomes a wall against unauthorized use. If it’s validated, the transaction continues and is processed. In other words, it’s a barrier to fraudulent transactions and unauthorized use of a credit card.
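The frictionless and challenge paths described above, sketched as an added example (not code from this article or from any card network or payment processor). The risk weights, the threshold, the five-minute code lifetime and every name in it are assumptions chosen for illustration.

```python
import hmac
from dataclasses import dataclass

# Assumed values for illustration; real issuers use their own risk models.
CHALLENGE_THRESHOLD = 40      # risk points at or above this trigger a challenge
OTP_VALIDITY_SECONDS = 300    # how long a one-time code stays valid

@dataclass
class Purchase:
    amount_cents: int
    known_device: bool
    shipping_matches_billing: bool

def risk_points(p: Purchase) -> int:
    """Pre-screen a purchase from several data points (constructed weights)."""
    points = 0
    if not p.known_device:
        points += 25
    if not p.shipping_matches_billing:
        points += 20
    if p.amount_cents > 50_000:
        points += 20
    return points

def authenticate(p, issued_code="", entered_code=None, seconds_elapsed=0):
    """Return (flow, result) for one authentication request."""
    if risk_points(p) < CHALLENGE_THRESHOLD:
        # Low risk: validated silently, the cardholder sees nothing.
        return ("frictionless", "validated")
    if entered_code is None:
        # Cardholder never answered (abandoned, or the code never arrived).
        return ("challenge", "denied")
    if seconds_elapsed > OTP_VALIDITY_SECONDS:
        # Code was entered after its validity window closed.
        return ("challenge", "denied")
    # Constant-time comparison avoids leaking how many digits matched.
    matched = hmac.compare_digest(issued_code.encode(), entered_code.encode())
    return ("challenge", "validated" if matched else "denied")

# Constructed sample purchases.
regular = Purchase(2_500, known_device=True, shipping_matches_billing=True)
unusual = Purchase(90_000, known_device=False, shipping_matches_billing=True)
```

A late code is denied even when it is the correct one, which is how slow text-message delivery turns into a lost legitimate sale.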
What Does 3D Secure Cost to Use?
One concern you might have as a merchant is the cost to use this kind of system. Since it’s not a default and not baked into the payment processing infrastructure, it becomes an optional add-on, and anything optional generally has associated fees.
The bad news is that, yes, 3D Secure does cost a fee to use. The actual fees vary depending on the payment processor being used; the cheapest it will be is around 2-4 cents per transaction, while higher risk merchants might face as much as 20-30 cents per transaction.
This generally isn’t a separate fee or pricing model, however; it’s just part of the general transaction fees charged by whichever payment processor you’re using. For example, Clover only charges 4 cents per transaction. PayPal’s Braintree has variable fees, and other processors don’t separate out a 3D Secure fee from general transaction fees at all.
For merchants that sell low-volume, high-value transactions, a couple of cents for security is a no-brainer. For merchants with high-volume, low-value transactions, those fees can add up more, but it’s still such a small amount that saving yourself even a couple of chargebacks makes it very much worthwhile.
What Are the Benefits of Using 3D Secure?
The list of benefits to using 3D Secure is long. But a lot of it boils down to this – more valid transactions, fewer fraudulent transactions, and all of the repercussions of both.
Fewer people abandon carts due to friction or denials. Using 3D Secure gives you a better insight into the validity of transactions, and allows you to ensure you’re capturing as many valid transactions as possible with fewer last-second rejections, denials, or abandoned carts.
Modern 3D Secure 2 validations can often happen almost entirely, or entirely, in the background. The frictionless process and the multi-point validation allow 3D Secure to validate transactions without the need for direct input from the consumer.
Fewer chargebacks. Fraudulent transactions frequently result in chargebacks, and as we all know, chargebacks are devastating for a business. Not only are they a loss of product and revenue, they have fees, they put your business at risk, and at extreme levels, you can even be effectively denylisted by payment processors.
You shift liability. One of the biggest benefits to using 3D Secure is that it’s a form of due diligence. If you identify a transaction as potentially sketchy and forward it to the 3D Secure process, it gets validated or denied by your bank. If it ends up being fraudulent after all, well, you did what you could, and it’s on the bank for validating it anyway.
Chargebacks can still happen, but you’re only liable if you didn’t use 3D Secure to validate them. You can think of it like having a security company check visitors at your front door; if a criminal gets through, it’s the fault of the security company, unless you bypassed the security company to let them in anyway.
Trust in your business is enhanced. Many users hesitate to make purchases through websites that have limited security measures in place, because they feel like their information might be at risk if they give it to you, or they worry about how legitimate your company is and whether or not they’ll receive what they’re paying for. 3D Secure is a semi-visible way to provide additional layers of security and prove that you’re a legitimate business.
It may be required for regulatory compliance. While the United States somewhat lags behind many other places around the world (see, for example, our exceptionally slow transition from swipe-and-sign to chip-and-pin), some regions have more proactive requirements for merchants and payment processors.
For example, the EU has the Payment Services Directive 2. These kinds of regulations require additional layers of security and validation for payments, and 3D Secure satisfies these needs. If you plan to sell to international customers, you may be required to meet the standards of these regulations.
Are There Downsides to Using 3D Secure?
There are a few downsides to 3D Secure, though they’re more about misconceptions and myths than they are about the system itself.
One common misconception is that 3D Secure stops all chargebacks. If that were true, everyone would use it, right? Unfortunately, it only stops some chargebacks, and even then, only some kinds of chargebacks. It’s focused on fraudulent use of cards, but it doesn’t stop friendly fraud, or chargebacks due to products not arriving, or misrepresentation of items, and other causes.
Similarly, while one of the benefits I listed above is that it shifts liability for chargebacks to the bank rather than you, that also only applies to certain chargebacks. That said, any chargeback you aren’t responsible for is a good thing.
The cost is commonly cited as a drawback of using 3D Secure, but I don’t think that’s a valid complaint 99% of the time. Yes, it can be costly, especially for higher-risk merchants. Yes, it adds a bit to the transaction fees you’re already paying. But, unless your business is operating on margins where a few cents make or break you, it’s not going to be that bad. Moreover, even a single chargeback can be much more costly than an entire month of the fees associated with 3D Secure, let alone more than one chargeback.
Another common criticism of 3D Secure is that it adds friction to the checkout process. If you lose a potential sale because a customer was asked for a fingerprint, MFA code, or password, that hurts.
At the same time, that layer of validation is what prevents fraud. Was the transaction you lost a legitimate transaction? Maybe, maybe not. If 3D Secure was triggered, then there was something sketchy about it. The kinds of users who refuse to validate at a simple challenge are often not the kinds of users you want in your customer base, even if they are on the more legitimate side of the coin.
For the most part, this criticism was more relevant in the past, under 3D Secure version 1. Version 2 smooths it out significantly. Also, we live in a society now where using two-factor authentication is much, much more common than it used to be, so people are much more used to providing those codes and it’s more of an expected part of doing business now.
One of the more valid criticisms is that there’s a potential for technical issues getting in the way of validation. This can cost you legitimate transactions, and banks and customer service often have to confront this point. It’s especially common for email and mobile validations, where delays in server processing or in text message delivery can lead to validation codes not arriving within their window of validity. As interconnected as the world is with telecommunications, it’s not perfect everywhere.
Should You Use 3D Secure?
The answer is almost definitely yes.
For one thing, if you’re in an international market, it may simply be required to have something in place, and 3D Secure is a good option.
Any layer of fraud prevention is beneficial, especially if you’re in a higher-risk industry or deal with a lot of chargebacks as it is. The additional layer of shifted liability is also beneficial. If you combine 3D Secure with a system like FightDisputes.com Dispute Alerts to catch chargebacks that do happen and head them off at the pass, you can keep your chargeback ratio low and your business secure.
On top of that, it’s probably quite easy to get 3D Secure implemented in your payment process, if it isn’t already. In fact, depending on the payment processing system you use, you might already have it implemented, or it might be as simple as a toggle in a settings panel somewhere. At worst, you’ll need to call your account rep.
If you do choose to use 3D Secure, just make sure to keep an eye on it. If you find that your customers have an abnormally high level of technical issues or false denials, or the friction causes undue amounts of cart abandonment (especially from known good customers), then it might be worth pulling back and using other anti-fraud tools instead. Chances are, though, that won’t happen.