3D Secure is an online service designed to make online shopping transactions safer by authenticating a cardholder's identity at the time of purchase. 3D Secure is the generic name, but the different card schemes have their own names for the technology such as Verified by Visa, MasterCard SecureCode and American Express SafeKey.
How does it work?
When someone makes a purchase from an online retailer who is using 3D Secure, the payment system automatically requires the card holder to provide more information to verify that they are owners of that credit card. If the card holder has not used 3D secure before they are asked to register for the scheme after authenticating themselves. This is done with the card scheme e.g. Visa, MasrterCard etc. Once they are registered the user sets up a password. They are then prompted to use for all future transactions that require 3D authentication.
What are the benefits?
It is a bit like Chip and PIN for the Internet. If an online merchant implements 3D Secure they can be protected from chargebacks on credit and some debit card transactions. However the rules surrounding this are very complicated and so this position is not as clear cut as Chip and PIN payments.
So what are the problems?
There is a raft of problems associated with 3D secure. Each card scheme and in certain case each card issuer has a different registration process. This means that users may need to have multiple passwords. As with all things banking the passwords are complicated and require a mix of upper and lower case letters, numbers and symbols. Users who have never registered are often out off by the registration process and sometimes believe this is actually a phishing exercise designed to grab their personal data
What does this mean for retailers?
Managing fraud online is very complicated. 3D secure is often a barrier to card holders completing the transaction process. Either they fail to register or drop out of the payment process because they cannot remember their password. MasterCard suggest that up to 52% of users might abandon transactions at this point. For online retailers this is a big problem. They either use 3D secure and lose a large percentage of customers at the point of payment or they suffer high levels of fraud. Many online retailers have abandoned 3D secure in favour of fraud engines which can sift out the fraudsters while letting good customers complete purchases. However even these are not foolproof and can either let a bad transaction take place or block good ones from happening
So what is the future?
Banks being banks nothing will change soon. However we can expect to see a variety of alternative solutions come to market over the next few years designed to make online shopping as safe for online retailers as Chip and PIN has done for their bricks and mortar equivalents.
What about the agreed delay?
While the delay makes it technically optional to run 3D Secure (3DS) payer authentication on card transactions, most banks will have already implemented the associated changes and updated their fraud profiling accordingly. Whilst non-validated transactions will not be systematically rejected for the duration of the grace period, it is highly recommended that 3DS is attempted regardless. 3DS is the route most likely to be chosen by issuers as part of their implementation of SCA and merchants need to conduct strong transaction risk analysis to help prove to their acquirers that they have fraud prevention "top of mind".