In 2015, over 227 billion merchant transactions were completed using a credit or debit card. In Europe alone, users bought almost $3 trillion dollars worth of goods and services using their cards. With such enormous volumes and such staggering amounts of money being moved, it is no wonder that card brands are moving rapidly to plug any loopholes in card security.

The most significant step in this direction was the development of the 3D Secure (3DS) system. 3DS is a software protocol, which provides an additional layer of security for online card transactions. This may be through the use of standard passwords which are required to be entered at the time of a transaction or a One Time Password (OTP) which is sent via email/ SMS every time a transaction is initiated.

Different name, same game

Visa was the first company to implement such an additional factor authentication system for online transactions. This protocol, branded as Verified by Visa, was the first implementation of 3D Secure and was launched with the intention of greatly improving the security of online transactions. Today, MasterCard offers 3DS functionality under the brand as SecureCode, American Express calls their version SafeKey and JCB launched it as J/Secure.

How does it work?

The 3D Secure protocol uses a 3-domain model to authenticate transactions. The first domain is the merchant and his bank (known as the acquirer), the second domain is the bank whose card is being used (the issuer), and the third domain is the digital infrastructure over which the communication is happening.

On initiation of an online transaction, the first and second domain talk to each other over an encrypted channel (provided by the third domain) in order to authenticate each other's identities. Once this is established, the actual authentication of the transaction is initiated. This might be by way of a standard password that the user enters, or a One-Time Password (OTP) that the user's bank sends to the user via SMS/ email for every transaction.

All of this ultimately ensures that fraudulent transactions do not occur and users can safely shop online.

What makes it so useful for online merchants?

3D Secure has gained popularity over the years. Judging its utility, some countries have even mandated the use of 3DS for all card transactions.

The first and most obvious benefit of 3D Secure is the additional security it provides to the user, which ultimately translates to more transactions.

The second, and equally important, benefit to the merchant is that an implementation of 3D secure means that the liability for any fraudulent transactions shifts away from the merchant and for the card issuing bank. This is because the additional password or OTP required to complete the transaction is never known to the merchant.

What does the future hold for 3D Secure?

Currently, MasterCard, Visa, American Express and Japan Credit Bureau offer 3D Secure services to their customers under different brand names. Payzoff has partnered with all these card brands to ensure that transactions requiring 3D Secure are processed effortlessly for all users. With the ever increasing popularity of e-commerce, the development of an improved version (3D Secure 2.0) is already underway. The new version, when deployed, will offer even better security and ease of use for the customer.