3D SECURE
3D-Secure (Three-Domain Secure) is a secure user authorization protocol. This is a technology that ensures security when conducting financial CNP transactions without a physical card. Verified by Visa and Mastercard SecureCode - implementations of 3D-Secure payment systems Visa and Mastercard.
To ensure the security of online payments, authentication through three independent domains is used. Two of them will be owned by banks. The acquirer is the service provider, for example, an online store and the issuer, the one that issued the buyer's card. The third is the interoperability domain provided by the payment system.
Each of them plays a role in creating an additional authorization step. With 3D-Secure, a transaction requires not only information about the participants' accounts, but also additional confirmation from the buyer. He or she will still need to enter card details - card number, expiration date, CVC2 code, and sometimes the name of the cardholder - for the first payment step. This data is checked for correctness, after which the buyer must confirm that it is he who is making the payment.
By default, 3D-Secure uses an SMS to the financial number linked to the card, the code from which will need to be entered on the secure payment page. This guarantees independence from device features, for example, if the bank's application cannot be installed on the phone or it cannot connect to the Internet. If the user has a smartphone that supports face or fingerprint recognition technology, the transaction can be confirmed using Face/Touch ID. And if the banking application is installed, you can agree to the write-off by following the link to the secure page inside it. As soon as the transaction is confirmed, the data on the possibility of the transaction is transferred to the acquiring bank, the money is debited from the buyer's account and transferred to the seller.
3D-Secure is aimed at ensuring security for both parties to the transaction, but primarily for the service provider. If the customer has explicitly agreed to pay with an additional authentication step, then there can be no legal claims against you. In addition, the online store does not get access to the customer's data, it remains on the payment server of the issuing bank, and vice versa. All information used in the transaction process will be reliably protected from theft by third parties. Any problem with a secure transaction, including a fraud attempt, becomes the responsibility of the bank that issued the customer's card, not you or your client, who may not even know that the attackers have gained access to their data.
For now, 3D-Secure is not a mandatory technology, and the party (customer or online store) whose card or service does not support it is responsible for any problems with the transaction. Consumers who are aware of this will simply refuse to deal with an unreliable supplier of goods or services. Those who frequently shop online are used to standard Mastercard SecureCode and/or Verified by Visa payment pages and will not trust a store that does not use 3D-Secure.
3D-Secure is a mandatory technology for all projects that plan to accept online payments. It is already included in all reliable online payment services, and even small banks provide it as a service to their users.
In the EU, the delayed PSD2 directive will soon come into effect, which obliges all online suppliers of goods and services to use 3D-Secure, and it is possible that a similar bill will appear in Ukraine.
The use of 3D-Secure increases not only the security of transactions, but also customer confidence and thus conversion.