Understand 3D secure payments

In simple words, it is a condom for card-not-present payments. Extra protection!

Faisal Khan Banking & Payments Consultant Payment Consultant for Banks & FinTech Startups.

3D-Secure is an added security layer provided by MasterCard (SecureCode) and VISA (Verified by VISA) that essentially provide a security similar to Chip +PIN. 

Because credit card credentials can be stolen (when paying for goods) or via compromised computer, having an added layer of security can make the difference between fraudulent and non-fraudulent transactions. 

For example with SecureCode by MasterCard, when you are taken to the checkout page, you will see something like this:

Screen Shot 2015-06-25 at 10.11.13

It will ask you to enter the registered information when you had registered your card with MasterCard.

So what does registration imply? Registration would imply that you go to a website (typically of your issuing bank, the bank that issued you the card) and they will ask a lot of information about your card details. Your Data of Birth, your Social Security Number or ID Card Number, your Billing Address, your ATM PIN, etc. once all this is done, you will be asked to register (i.e. choose a code). 

Let us assume your code is 784945.  Now this is your MasterCard SecureCode.

Now, lets play out a scenario, you go out to the gas station, you fill gas in your car and hand over the card to the attendant to pay for it. Unbeknownst to you, they very quickly take a front/back picture of your card. Because it is night, they as you for your ID, which you gladly present, they look at it, and again, not knowing, they are recording every information as being shown on the ID, via a small camera in their breast pocket (of which you have no clue, or are oblivious).

Congratulations. Your card is now compromised. Now the person knows of your Name, Address, Date of Birth, Card Number, Expiry Date, CVV Code, etc. 

If they now try using this card online, where there isn't any 3D Secure technology, guess what? It will most likely go through and you'll be hit with a fraudulent transaction. 

On the other hand if they use this on a site that used 3D-Secure - despite having all the credentials, they do not have your SecureCode.... that is 784945 is what they need to complete the transaction. It wan't on your credit card when you paid, and certainly wasn't on your license. 

Gladly, with websites using 3D-Secure, your card cannot be abused. 

RB Bank does a really go job of explaining how the enrollment process at MasterCard SecureCode works:http://www.rbcroyalbank.com/credit-cards/mcsc/securecode_demo_html/secure01.html

Screen Shot 2015-06-25 at 13.49.23

Every time you shop a website that uses a processor that has implemented 3D Secure, you will see something like above.

  • By implementing 3D-Secure - you, the merchant can reduce liability. In this case, let us assume you sold iPhone and someone used a stolen credit card to purchase a phone, you'd sell it. A few days later you'd be hit with ancardholder unauthorized charge. Guess who will pay for this phone? You (the merchant!) will.
  • Flip the same scenario, with the different being, this time the merchant has implemented 3D-Secure. Guess who gets hit with the cardholder unauthorized charge? Not you! The issuing bank will now be responsible for the chargeback due to fraud. The financial liability shifts from the merchant to the issuing bank.

3D-Secure is a proven technology to combat fraud (though this itself is now debatable).  However, this does not mean that the merchant can now get away with fraud themselves. If a customer denies receipt of goods, or is not happy with the goods received, 3D-Secure will not cover this, and a reversal/chargeback can be performed.

Overall, it adds the added layer of security that merchants gladly implement, because it shifts the liability from them to the issuing bank that the payment instrument is not compromised.

There have been many studies with respect to the bounce rates, etc. But if your business is a high-risk business or one where fraud is high, you might want to opt for 3D-Secure versus non #D-Secure. 

Overall, it does introduce a step that no one likes, but it is a one-time registration.

This whole article was taken from Quora answer made by Faisal KhanBanking & Payments Consultant, which our whole team of editors and authors deeply admire as one of the Top professional in the field of fintech and payments.

Comments are closed.