3D Secure
What is 3D Secure?
3D Secure is a protocol (set of rules) that provides extra protection for merchants and customers for online payments. It is used to authenticate the cardholder during payment processing, similar to entering a PIN for an ATM or EFTPOS transaction.
The basic concept of the protocol is to tie the financial authorisation process to an online authentication step. This authentication is based on a three-domain model (hence the 3-D in the name). The three domains are:
- Acquirer Domain - the merchant and the bank to which money is being paid
- Issuer Domain - the bank that issued the card being used
- Interoperability Domain - the infrastructure provided by the credit card scheme to support the 3D Secure protocol.
How does it work?
A transaction using 3D Secure initiates a redirect to the website of the card-issuing bank to authorize the transaction. Each issuer can use any kind of authentication method (the protocol does not cover this), but typically a password-based method is used. In effect, buying on the Internet means using a password or code tied to the card.
Points to note:
- 3D Secure payment security is only applicable to eCommerce/Internet transactions
- MoTo transactions (Mail Order/Telephone Order) are not affected
- Transactions that occur via a telephone or virtual terminal, i.e. MoTo, do not need 3D Secure (you can't ask the customer for their pass phrase as it is private)
- Cardholder Not Present (CNP) transactions are those made when the cardholder is not physically present at the point of sale, i.e. on the Internet or on the telephone
- Conversely, Cardholder Present (CP) transactions are those made when the cardholder is physically at the point of sale, e.g. in a retail store.