3D Secure: the online equivalent of chip-and-PIN security

By Benjamin Salisbury

Though online shopping is gaining popularity every day, it is not without some concern. Many consumers worry about their card's safety, even if they are regular shoppers. But Visa and MasterCard have come up with an online equivalent to the security provided by chip-and-PIN technology: 3D Secure. Though the extra protection is not fail-proof, it has significantly improved it.

What is 3D Secure?
3D Secure stands for 3 Domain Secure because there are three parties involved in a 3D Secure transaction: the merchant's bank, the card issuer and the technical infrastructure that supports the 3D Secure protocol. 3d-secure

Visa and MasterCard developed the scheme to improve the security of online payments and to allow card issuers to authenticate cardholders at participating merchants. It is also known as Verified by Visa or MasterCard SecureCode.

"3D Secure is a fraud prevention tool, which allows shoppers to create and assign a password to their card, which is verified whenever a transaction is processed through a site that supports the scheme," Avneet Sandhu, product marketing manager at Sage Pay, explained in an emailed response to questions.

"It exists to avoid fraudulent transactions by ensuring that an online payment request must be completed with more than just card data, but also an actual customer password, thus limiting fraudsters who try to use stolen numeric card details," Rob Fernandes, product and strategy director at PayPoint said in an emailed response to questions.

To use 3D Secure, you create a password that will verify your identity for online transactions. When you make an online transaction with 3D Secure, you are redirected to a webpage from your card issuer, which asks you to enter your PIN or password, Fenandes explained. This tells your issuer that you are the one making the transaction.

"3D Secure keeps payments secure by ensuring that simply having numeric data from a card is often insufficient to complete a transaction," Fernandes said. "Put simply, it uses an additional shared secret which in theory only the cardholder and their issuer know."

The biggest benefit for consumers (and merchants) is, of course, an extra layer of security to combat card-not-present fraud.

3D Secure limitations
The biggest drawback of the scheme: not all cards are part of it. Since Visa and MasterCard run the system, only the following cards can use the 3D Secure system: Visa, Visa Debit, MasterCard, MasterCard Debit, International Maestro, UK Maestro, Laser, and Visa Electron.

JCB and Diner's Club cards cannot use the system.

Another turnoff is that it is an extra step at checkout, which can be annoying to those who want a "one click purchase".

Each additional step required at checkout increases the risk that consumers will drop out of the buying process, Sandhu explained.

See related: Protect yourself from fraud while shopping online, Consumer Rights Directive gives advantages to online shoppers

Published: 23 December 2014