3-D Secure is an optional additional security layer for credit and debit card transactions made online which you can choose to enroll in. The technology is known alternatively as Verified by Visa, MasterCard SecureCode, J/Secure, and American Express SafeKey.
How is 3-D Secure Different:
In a non-3-D Secure transaction, a customer types their credit or debit card data into the merchant’s shopping cart and if the credit card data is accepted by the merchant’s payment gateway, the transaction processes successfully. In some cases, a merchant might require additional security data to confirm the identity of the cardholder such as a CVV code match (the 3 digit code on the back of the card) or an AVS match (meaning the cardholder must add their zip code and it must match the zip code on file). But in many e-commerce checkout pages this additional cardholder information is not required, and even where required not a terribly difficult barrier for credit card thieves to overcome.
Enter 3-D Secure. In a 3-D Secure transaction, after the customer enters their credit or debit card data, the customer will be redirected to the website of their card issuing bank via a pop-up or iFrame within the eCommerce checkout page. For example, if your credit card was issued by Chase Bank, you’d be redirected to the Chase Bank website. Then the issuing bank conducts their own independent cardholder authentication. Each issuing bank can use any kind of authentication method they prefer, but in most cases the cardholder is either required to enter an additional password which is uniquely tied to that credit or debit card, or required to enter a one-time password they receive via an SMS text message to the cardholder’s cell phone.
The primary advantage of registering and using 3-D Secure to make online purchases is the reduced risk of having fraudulent charges made on your credit or debit card. The 3-D Secure technology achieves this in two primary ways:
It virtually eliminates fraud perpetrated via copying card details. That is to say, if a fraudster takes a picture of your credit card, or copies down the information on the card, that information alone will not give the fraudster the ability to make purchases over the internet because they will not have the additional issuing bank required password, which of course is not written on the card.
The second method of fraud reduction is that 3-D Secure enrolled cardholders are less susceptible to having their card information compromised when a business falls victim to a widespread hacking attack. If, for example, a business that you made an online purchase with is hacked and has their cardholder data stolen, the hacker will not obtain your 3-D Secure password (because the merchant never obtains this data it is exclusively provided, via the popup, to the issuing bank) and therefore the hacker will not be able to make fraudulent eCommerce transactions with your card.
Perhaps the biggest disadvantage of using 3-D Secure technology is the added hassle to the cardholder of making an online transaction. The cardholder must remember an additional password, and/or check their phone for an SMS text prior to completing an online transaction. This adds somewhere between thirty seconds and two minutes to an online transaction, which is not insignificant. And in situations where the cardholder cannot access their mobile phone or receive text messages, for example when traveling abroad, then the cardholder may be unable to complete the transaction.
Another disadvantage is that not every online business supports 3-D Secure technology. This means that those customers who have gone through the trouble of enrolling in order to enable themselves to better stay safe online, will in many cases (particularly when shopping at smaller businesses) either have to forego shopping at that online store, or make the transaction without the benefit of 3-D Secure technology.
Another disadvantage is the registration requirement. To use 3-D Secure technology you will have to enroll. And while this only takes a few minutes, it is an added hassle.
3-D Secure technology is certainly not a perfect shield against all forms of eCommerce fraud. For those who want to take precautions to lower their exposure to eCommerce fraud and are willing to trade some inconvenience in the eCommerce checkout process to achieve it, however, 3-D Secure technology is likely worthwhile.
If you decide to enroll in 3-D Secure, it is generally advisable to do so via your issuing bank’s website directly rather than via a pop-up that you see on an eCommerce site’s checkout page. That’s because in a few instances, 3-D Secure enrollment forms have been used by fraudsters as part of a phishing attack.
About the Author