3D Secure – the basics: What businesses need to know


As businesses grow, so does the need for digital payment solutions that keep customers' data safe without compromising their online experience. 3D Secure, a go-to authentication protocol for protecting payments, is one solution to this challenge. In 3D Secure 2, this established framework gets an upgrade with an emphasis on stronger defences and a smoother customer experience.

The rise of mobile and digital transactions has paved the way for protocols such as 3D Secure 2. The global 3D Secure payment authentication market was estimated to be worth $1.2 billion in 2023. Businesses need a system that integrates effectively with their existing platforms – offering robust protection while elevating the payment experience. Below, we'll explain what 3D Secure is, how it works and how businesses can implement it to help adapt and optimise their payment systems, while meeting the demands of their customers.

What's in this article?

  • What is 3D Secure?
  • How does 3D Secure work?
  • Benefits of implementing 3D Secure
  • 3D Secure 1 vs 3D Secure 2
  • Common misconceptions about 3D Secure
  • Challenges and drawbacks of 3D Secure
  • How to implement 3D Secure into your payment system
  • How Stripe Payments can help

What is 3D Secure?

3D Secure, which stands for "Three-Domain Secure," is an authentication protocol that adds an extra layer of verification for online credit and debit card transactions. The protocol was initially developed by Visa under the name "Verified by Visa."

While conventional transactions require only card details and a security code, a 3D Secure transaction prompts the cardholder for an additional password, one-time code sent to their mobile device, or biometric verification. This step usually takes place in a pop-up window or an in-app interface.

How does 3D Secure work?

The 3D Secure process is a multistep, multiparty operation that provides an additional layer of security for online transactions. The protocol hinges on interactions among the card issuer, the acquirer and the interoperability domain. Below we'll break down each step of the process.

  1. Customer initiates a transaction: When a customer decides to make a purchase online, they input their card details on the business's website.
  2. Business requests authentication: The business's server recognises the need for 3D Secure authentication and submits a request for the issuer to authenticate the cardholder.
  3. Customer provides extra authentication: The issuer then prompts the cardholder for additional information, usually through a pop-up window or an in-app interface.
  4. Issuer authenticates the transaction: Once the cardholder provides the requested information, the issuer evaluates it to authenticate the transaction. The issuer sends a response back.
  5. The transaction is completed: The customer completes the transaction and the business delivers the goods or services.

[Figure: How 3D Secure works – and why Stripe payments are safe. A step-by-step guide to how 3D Secure works with an explanation of Stripe payment safety.]

Benefits of implementing 3D Secure

  • Reduced risk of fraudulent transactions
    The 3D Secure technology vets transactions in real time by requesting additional identification steps from customers. This eliminates the majority of unauthorised transactions and leads to an overall decrease in fraud-related costs for businesses. Fewer chargebacks also mean a more favourable rating with banks. In 2024, e-commerce fraud losses totalled an estimated $44.3 billion globally, which highlights the scale of fraudulent transactions that businesses face.

  • Increased customer trust and confidence
    For shoppers, an extra layer of authentication is a green light that it's safe to proceed. This increased confidence can reverberate through the customer lifecycle, helping convert one-time buyers into repeat customers and turning occasional shoppers into brand advocates.

  • Compliance with regulatory standards
    Legal compliance is an unavoidable part of doing business in the digital age. Regulatory bodies frequently update their guidelines, and it can be difficult to keep up. Incorporating 3D Secure can help you stay compliant and avoid hefty fines and legal complications. A reputation for stringent compliance can also become a market differentiator, offering wary customers a solid reason to choose your platform over a less secure competitor.

3D Secure 1 vs 3D Secure 2

EMVCo introduced 3D Secure 2, the update to 3D Secure 1, in October 2016, but adoption and full implementation by businesses, issuers and payment gateways were not immediate. There was a broader push for the adoption of 3D Secure 2 in 2019, as a result of several new regulations – including the EU's Revised Payment Services Directive (PSD2) and its requirements for Strong Customer Authentication (SCA).

While 3D Secure 1 and 3D Secure 2 are both authentication protocols for online credit card payments, they have key differences in their design and customer experience. Here's how they compare:

Customer experience

  • 3D Secure 1: Customers were redirected to a separate authentication page, which sometimes resulted in a more disruptive checkout experience.
  • 3D Secure 2: Designed in part to improve customer experience, it minimises interruptions during checkout. Usually, only high-risk transactions require additional authentication.

Mobile integration

  • 3D Secure 1: It wasn't optimised for mobile experiences, which sometimes led to non-responsive or awkwardly displayed authentication pages on mobile devices.
  • 3D Secure 2: Built for mobile use, it's optimised for smoother mobile integrations and works well with mobile apps and browsers.

Data points

  • 3D Secure 1: Used fewer data points during the authentication process.
  • 3D Secure 2: Uses many more data points (such as transaction history and device information) for a risk-based assessment. This allows for smarter authentication, where low-risk transactions may not need additional verification.

Frictionless flow

  • 3D Secure 1: Typically required a password or some form of static authentication from the cardholder.
  • 3D Secure 2: Introduces a "frictionless flow", where certain transactions can be authenticated without the need for cardholder interaction.

Scope of transactions

Regulation and compliance

  • 3D Secure 1: Predated some of the modern online payment regulations.
  • 3D Secure 2: Designed to comply with the EU's Revised Payment Services Directive (PSD2), especially its requirement for Strong Customer Authentication (SCA) for online transactions.

Issuer and business communication

  • 3D Secure 1: Had limited ways for issuers and businesses to communicate about transactions.
  • 3D Secure 2: Facilitates more direct communication between issuers and businesses, allowing for real-time decision-making based on transaction risk.

Both protocols provide a secure environment for online credit card transactions, but the implementation of 3D Secure 2 introduces advances in customer experience, mobile optimisation and adaptive authentication methods. This new iteration allows for a more modern and user-friendly solution for online commerce.

Common misconceptions about 3D Secure

There are several misconceptions about 3D Secure that can affect a business's decision to implement the technology. Being aware of these common misconceptions is important when making an informed choice. Here's a closer look:

Misconception 1: It’s a bulletproof solution to fraud

While 3D Secure reduces the risk of fraudulent transactions substantially, no system is perfect. The technology acts more like a highly trained watchdog than a fortress with impenetrable walls. Consequently, a balanced strategy should involve multiple layers of security measures, including but not limited to 3D Secure, to combat different types of fraudulent activity most effectively.

Misconception 2: It slows down transactions

There is a perception that 3D Secure adds unnecessary delays to transaction time. However, the extra few seconds that authentication takes can save time in the long run by reducing the number of transactions that need to be investigated for fraud. The potential for reduced chargeback fees and other fraud-related costs can compensate for any minimal delays in transaction time.

Misconception 3: It’s only for high-risk industries

Some people believe that 3D Secure is beneficial only for sectors such as luxury goods or online gambling, where high-value transactions are common. However, this is not true. Businesses across many different sectors can benefit from added security, even businesses that don't operate in high-risk industries. 3D Secure is like an insurance policy: it's better to have it and not need it, rather than need it and not have it.

Challenges and drawbacks of 3D Secure

While 3D Secure has many benefits, challenges and drawbacks also exist, which businesses may face when implementing this technology.

  • Increased friction at checkout
    Adding 3D Secure without creating extra barriers at checkout can be a challenge. You don't want customers to exit the transaction process because they encounter a cumbersome authentication process. Although the intent of 3D Secure is to add a layer of safety, customers who see this as an inconvenience are less likely to complete their purchase.

  • Complexity in customer experience
    Adding multiple steps to the checkout process can overcomplicate the customer experience. The less intuitive a payment process, the more likely a customer will abandon it. A payment experience should be as smooth as possible while maintaining necessary security measures, a balance that is sometimes challenging to maintain with the inclusion of 3D Secure.

  • Operational demands
    Implementing 3D Secure often means making changes to existing systems and processes. This could involve updating IT infrastructure and employee training, as well as ensuring that customer-service representatives are equipped to handle related queries. The initial investment in time and resources can be considerable, which might deter some businesses from adopting the technology.

  • Liability concerns
    While 3D Secure shifts some liability for fraudulent transactions away from businesses, the conditions and terms governing this shift can be complicated. Not every fraudulent scenario is covered, and businesses must remain vigilant in their antifraud measures. A misplaced sense of security could make businesses less cautious, which could have harmful long-term repercussions.

Even though 3D Secure has its potential challenges, the right planning can offset these issues. One option for businesses is to work with a strong, comprehensive payment provider such as Stripe.

How to implement 3D Secure into your payment system

Incorporating 3D Secure into your payment system adds an extra layer of security that acts as a preventive measure against fraudulent transactions. Stripe provides comprehensive support for 3D Secure 2, a more advanced and user-friendly version of this security protocol. Here are some things to consider around implementation:

  • Integrate with Stripe's APIs
    Stripe facilitates 3D Secure 2 through its payment APIs and Checkout feature. Integrating these tools into your system protects high-risk transactions from potential fraud. A key advantage of using Stripe's integration is its capability to apply 3D Secure 2 when the cardholder's bank supports it, and revert to 3D Secure 1 when necessary.

  • Focus on mobile applications
    Mobile apps demand a smooth transaction flow. Stripe's iOS and Android SDKs enable in-app authentication, creating a more direct experience for customers. This prevents customers from being redirected to external pages, which can interrupt the payment process. Even if a bank doesn't support 3D Secure 2, Stripe's mobile SDKs will display 3D Secure 1 in a webview embedded in your app.

  • Prioritise customer experience
    3D Secure 2 has been developed with smartphones in mind, allowing banks to update their authentication methods. For example, customers might authenticate a payment using their fingerprint or face ID, instead of traditional passwords or text messages. This new technology promotes a better transaction experience, with fewer interruptions.

  • Embrace web and mobile checkout flows
    3D Secure 2's design embeds the challenge flow within both web and mobile checkouts, eliminating the need for full-page redirects. If a customer confirms their identity on your website or application, they'll see the 3D Secure prompt within a modal on the checkout page.

  • Stay up to date with regulations
    If you do business in Europe, the enforcement of Strong Customer Authentication (SCA) is key. SCA mandates more stringent authentication for European payments, making the customer experience of 3D Secure 2 invaluable. Through the use of 3D Secure 2, businesses can minimise any potential negative impact on conversion rates.

  • Use the flexibility of 3D Secure 2
    Stripe's adaptability with the 3D Secure 2 protocol permits certain transactions to skip authentication and use the "frictionless" flow, especially if they're deemed low risk. However, if the payment provider asks for an exemption and the transaction uses the "frictionless" method, the liability shift benefits might not apply.

Incorporating 3D Secure 2 into your payment system can help to prevent fraud while ensuring that the payment experience is as user-friendly as possible. By leveraging Stripe's tools and following the above guidelines, businesses can achieve a balanced combination of security and usability.
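
The outcome of a 3D Secure attempt, including the frictionless, exemption and 3D Secure 1 fallback cases described above, can be checked on the server before an order is fulfilled. The following is an added example, not Stripe's code: the inputs are constructed samples that use the field names of the `three_d_secure` object in a Stripe charge's card payment details, and the `review_3ds` and `challenge_rate` helpers and the accept/review/reject policy are assumptions for illustration.

```python
# Added example: constructed inputs shaped like the `three_d_secure` object
# under payment_method_details.card on a Stripe charge. The policy is assumed.

def review_3ds(tds):
    """Return (decision, reason); decision is accept, review or reject."""
    if not tds:
        # No 3D Secure data: the payment was never authenticated.
        return "review", "no 3D Secure attempt recorded"
    result = tds.get("result")
    flow = tds.get("authentication_flow")
    version = tds.get("version") or ""
    if result == "failed":
        return "reject", "cardholder failed authentication"
    if result == "exempted":
        # An exemption was requested, so liability shift might not apply.
        return "review", "exempted: liability shift might not apply"
    if result in ("not_supported", "processing_error"):
        return "review", f"3D Secure did not complete ({result})"
    if result in ("authenticated", "attempt_acknowledged"):
        # Distinguish the 3D Secure 1 fallback from 3D Secure 2 flows.
        kind = "3DS1 fallback" if version.startswith("1.") else (flow or "unknown flow")
        return "accept", f"{result} via {kind}"
    return "review", f"unrecognised result {result!r}"

# Constructed sample outcomes (not real payments).
SAMPLES = {
    "pay_frictionless": {"result": "authenticated", "authentication_flow": "frictionless", "version": "2.2.0"},
    "pay_challenge": {"result": "authenticated", "authentication_flow": "challenge", "version": "2.1.0"},
    "pay_legacy": {"result": "authenticated", "authentication_flow": None, "version": "1.0.2"},
    "pay_exempted": {"result": "exempted", "authentication_flow": None, "version": None},
    "pay_failed": {"result": "failed", "authentication_flow": "challenge", "version": "2.2.0"},
    "pay_no_3ds": None,
}

def challenge_rate(samples):
    """Share of authenticated 3D Secure 2 payments that needed a challenge."""
    flows = [t["authentication_flow"] for t in samples.values()
             if t and t.get("result") == "authenticated" and t.get("authentication_flow")]
    return flows.count("challenge") / len(flows) if flows else 0.0

if __name__ == "__main__":
    for pid, tds in SAMPLES.items():
        print(pid, *review_3ds(tds))
    print("challenge rate:", challenge_rate(SAMPLES))
```

Tracking the challenge rate alongside the decisions gives a direct measure of the checkout friction discussed earlier.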

How Stripe Payments can help

Stripe Payments provides a unified, global payments solution that helps any business – from scaling start-ups to global enterprises – accept payments online, in person and around the world.

Stripe Payments can help you:

  • Optimise your checkout experience: Create a frictionless customer experience and save thousands of engineering hours with prebuilt payment UIs, access to 125+ payment methods and Link, a wallet built by Stripe.
  • Expand to new markets faster: Reach customers worldwide and reduce the complexity and cost of multi-currency management with cross-border payment options, available in 195 countries across 135+ currencies.
  • Unify payments in person and online: Build a unified commerce experience across online and in-person channels to personalise interactions, reward loyalty and grow revenue.
  • Improve payments performance: Increase revenue with a range of customisable, easy-to-configure payment tools, including no-code fraud protection and advanced capabilities to improve authorisation rates.
  • Move faster with a flexible, reliable platform for growth: Build on a platform designed to scale with you, with 99.999% uptime and industry-leading reliability.

Learn more about how Stripe Payments can power your online and in-person payments or get started today.

The content in this article is for general information and education purposes only and should not be construed as legal or tax advice. Stripe does not warrant or guarantee the accuracy, completeness, adequacy, or currency of the information in the article. You should seek the advice of a competent lawyer or accountant licensed to practise in your jurisdiction for advice on your particular situation.
