What is 3D Secure? A complete guide to the payment authentication system

Whether it comes to everyday essentials or special one-off purchases, the vast majority of UK consumers now regularly do much of their shopping online. So, unless your business exclusively deals with customers face to face, being able to accept remote payments in a reliable, efficient way will be vital to maximising your cash flow.

A key component of reliability is security. With debit and credit card fraud an ever-present risk in our era of accelerating e-commerce, it’s more important than ever to have robust authentication protocols like 3D Secure in place.

Even though 3D Secure authentication is now ubiquitous in the world of e-commerce transactions, the term itself isn’t particularly well known to consumers, and many  business owners may be hazy on what constitutes a 3D Secure payment.

If you accept online payment methods in your business and want to know how 3D Secure authentication helps ensure things go smoothly with each purchase, this guide has the answers. We’ll lay out the 3D Secure process, and explore how it might be integrated into the payment systems for all kinds of small business ideas.

What is 3D Secure authentication?

3D Secure is a security process which utilises the principles of two-factor authentication by requiring cardholders to verify their identity beyond simply providing their card details. They might be asked for a thumbprint, for example, or to enter a unique PIN which has been texted to their device.

The “3D” part of 3D Secure refers to the three domain servers which are involved in the process. These are:

• The issuer domain, which belongs to the bank which issued the customer’s card.

• The merchant domain, which belongs to the merchant’s account provider.

• The interoperability domain, which is the overall digital infrastructure for the 3D Secure process, provided by the card network.

How does 3D Secure work?

It’s helpful to illustrate the 3D Secure authentication process using an example. Say you’ve been considering business ideas from home and decide to launch an online store selling handmade homeware items. 

A customer spots a set of ceramic candlestick holders they like the look of, and decides to make a card purchase. Here’s how a 3D Secure payment would proceed:

1. The customer navigates to your site’s checkout page to enter their card or digital wallet details in the payment gateway. 

2. The payment processor checks the details and uses multiple data points to gauge whether further verification is necessary.  

3. If further verification is necessary, the customer is presented with a 3D Secure interface where they have to pass a biometric check or submit a one-time code that’s been sent to their device.

4. If the information is correct, the 3D Secure protocol will be satisfied and the transaction can continue to completion.

What is 3D Secure 2?

In the online store example above, we mentioned that the customer only has to go through the additional security check process if the system deems it necessary. This nuanced approach is thanks to 3D Secure 2, the updated version of the protocol which was introduced in 2016.

As the original 3D Secure was developed in the pre-smartphone age, its use of pop-windows and static passwords, along with its insistence on security verifications for all transactions, meant it was seen as too clunky and inflexible as e-commerce went mainstream. 

3D Secure 2 is smarter because it doesn’t use pop-ups (which can be especially disruptive during smartphone transactions) and makes use of many more data points connected to the cardholder, such as their IP address, browser language and shipping details. 

A rapid assessment is carried out to determine if these data points are consistent and reassuring enough to allow the transaction to proceed right away, or if further verification is required in the form of a 3D Secure authentication request.

By allowing frictionless and faff-free approval of the majority of card not present transactions, this update to the original 3D Secure process has improved the customer experience, reducing the likelihood of shopping carts being abandoned midway through transactions while still keeping fraudsters at bay.

The benefits of 3D Secure for small business owners

Whatever kind of enterprise you’re involved in, whether you’re developing low cost business ideas to run from home or you’re seeking to expand your brick-and-mortar retail business by selling online, 3D Secure brings these tangible benefits.

It enhances security

Digital security measures need to be on any checklist for starting a business online. After all, global incidences of card not present fraud – when criminals use stolen card details to make transactions remotely – have skyrocketed in recent years, and this doesn’t just present a problem for the cardholders whose information is compromised.

As fraudulent purchases are liable to be reversed by way of chargebacks when the genuine cardholders realise what’s happened, they will strike a blow to your business’s operating cash flow. What’s more, fraud connected with your business is likely to create negative associations with your brand in the eyes of those affected, hampering customer acquisition.

Incurring too many chargebacks can also subject you to more rigorous scrutiny by banks and other financial institutions, which can lead to penalties or being forced to apply for high risk merchant accounts with higher fees.

With all this in mind, it’s clear why blocking fraudulent payments with 3D Secure is such an important aspect of running a business, and should be accounted for as part of your overall small business risk management plan.

It shifts liability 

Another major advantage of 3D Secure is that it shifts the liability for chargeback fraud away from your business. For example, let’s say you’ve brought one of your passive income ideas to life in the form of an e-commerce site selling tech items from overseas, and a fraudster buys a big ticket item using stolen card details.

If this fraudulent purchase was subjected to 3D Secure authentication and somehow managed to pass the protocol, then the responsibility for covering the chargeback costs will fall on the customer’s card issuer bank rather than on you, the merchant.

It’s hassle-free for you and your customers

Whether you’re currently brainstorming how to start a business or your entrepreneurial journey is already underway, you’ll have lots of tasks to check off on a daily or weekly basis. 

From refining your marketing strategy to working out how to price products and how to price services, there’ll always be plenty to be getting on with, so it’s good to have a security protocol which takes care of itself, and doesn’t require your hands-on involvement.

Unlike some other small business cyber security measures which may require active implementation on your part, 3D Secure is baked into online cashless payment processes, so you can basically forget about it and focus on running your business. 

And, following the 3D Secure 2 update, the protocol is entirely seamless from the customer’s point of view. This means there’ll be either zero or minimal disruption during transactions, reducing the likelihood of your net cash flow being unnecessarily impeded by abandoned transactions.

It ensures regulatory compliance 

In 2019, the Strong Customer Authentication (SCA) requirement was introduced as part of a wider directive affecting online payments in Europe. This stipulates that two-factor authentication must be utilised for transactions, unless data points indicate them to be low risk or unlikely to be fraudulent. 

The integration of the 3D Secure authentication process into payment options for small businesses means entrepreneurs can feel confident that they are complying with anti-fraud regulations.

How to implement 3D Secure

As we mentioned earlier, a key advantage of 3D Secure is that it’s part and parcel of electronic payment systems, with the major card networks each boasting their own iteration of the protocol. Visa has Visa Secure, Mastercard has Identity Check, and American Express has SafeKey.

As a merchant services provider which operates in accordance with the highest card payment industry security standards, SumUp supports the 3D Secure protocol when handling transactions made by both you and your customers. 

So, whether you’re making online payments to wholesalers for your food and drink business using your SumUp Mastercard, or your customers are purchasing products from you via social media payment links, the transactions will all be protected.