What Is The 3D Secure Protocol?

Date First Published: 26th July 2023

Topic: Cybersecurity

Subtopic: Security Mechanisms & Technologies

Article Type: Computer Terms & Definitions

Difficulty Level: 7/10

Learn about what the 3D Secure protocol is in this article.

The 3D Secure protocol, also known as the 3DS protocol, is designed to add an extra layer of security for credit card and debit card transactions online. It is an XML protocol that uses SSL to authenticate peers, the server, and the client using digital certificates. This prevents card information from being stolen and protects against chargebacks for transactions that were not authorised. It is a popular method for securing online payments and is used by VISA, MasterCard, American Express, and others.

The term '3D' refers to the 'three domains' that interact using the protocol, not three-dimensional shapes. This includes the merchant's bank accepting card payments (acquirer domain), the organisation that issued the card being used in the online transaction (issuer domain), and the payment systems that act as connectors between the acquirer domain and the issuer domain (interoperability domain).

How Does The 3D Secure Protocol Work?

The 3D Secure protocol works by providing an extra layer of security for the merchant and the customer, preventing card information from being stolen. After passing the 3D secure authentication process, the merchant is no longer responsible for it. The responsibility is passed onto the card issuer, which will handle any refunds and is liable for any fraudulent chargebacks. This will improve customer confidence since customers will feel more confident if they know there is an additional level of security in place to protect their sensitive data.

The steps involved for customers are:

• The cardholder enters their credit card or debit card information.
• The system checks whether the card details are valid and if the card has been registered for 3D Secure.
• The cardholder is redirected to a separate or embedded frame if 3D secure is enabled.
• The redirect or embedded frame contains instructions for the cardholder to verify their identity. It could be with a security question and answer or a one-time secure PIN number sent as a text message to the cardholder's phone or as an email.
• The payment will be authorised if the cardholder enters the correct information.
• The customer is then directed back to the merchant's website to receive a confirmation of their purchase.

Disadvantages Of The 3D Secure Protocol

Although 3D Secure guarantees transaction authenticity, it does come with some disadvantages. The greatest disadvantage is that it often appears as a popup to users. Since popups can be considered spammy, customers may be unsure whether the popup is legitimate. The problem for the cardholder is determining whether the popup window or frame is actually from their card issuer or a fraudulent website trying to steal their details.

For example, the Verified by Visa system has received some criticism as it can be difficult for users to differentiate between the legitimate Verified by Visa pop-up window or inline frame and a phishing site. This is because the popup window is served from a domain name that is not the site where the user is shopping and not the card issuer. It has been mistaken for a phishing scam by some users.

Another disadvantage of the 3D secure protocol is that the transaction will take longer due to authentication. Adding extra steps to the checkout process is more time-consuming for customers, which can lead to a decline in conversion rates and confuse them. Some customers may also have difficulty remembering their security questions, reducing the chances of them completing their purchase. In addition, 3D Secure can sometimes interrupt a customer's checkout process, causing them to abandon their shopping cart.

Comments