Payments - authentication.

(3DS).

3D Secure is a security protocol used by Visa and MasterCard to combat fraud in online credit and debit card transactions.

It is branded as ‘Verified by Visa’ and ‘MasterCard SecureCode’.

The name 3D Secure derives from 3-domain structure.

The authentication is a three-part process, with three parties involved:

• the card issuer, such as Visa or MasterCard
• the acquirer, and
• the interoperability domain, such as the payment system.

When a customer uses a card that is enrolled in the 3D Secure programme:

1. The customer enters their card information via the merchant's website
2. The acquirer contacts a directory server and gets the message that the card is registered in the 3D Secure programme
3. The customer sees the 3D Secure page when they need to authenticate themselves to the issuing bank by entering a password or a one time PIN, often sent to a smartphone
4. The result of the 3D Secure authentication goes to the merchant, and the merchant submits transaction details to the acquiring bank
5. The transaction is authorised by the acquirer
6. The customer sees the response about whether the transaction succeeded or failed

In the case of a fraudulent transaction, once it has been authenticated through 3D Secure, it is very likely that liability will shift to the acquirer.

3D Secure is also known as payer authentication.

See also

• PSD2
• Regulatory Technical Standard
• Strong Customer Authentication
• Two-factor authentication