
What is 3D Secure?

3D Secure is a protocol (set of rules) that provides extra protection for merchants and customers for online payments. It is used to authenticate the cardholder during payment processing, similar to entering a PIN for an ATM or EFTPOS transaction.

The basic concept of the protocol is to tie the financial authorisation process to an online authentication step. This authentication is based on a three-domain model (hence the "3-D" in the name). The three domains are:

  • Acquirer Domain - the merchant and the bank to which money is being paid
  • Issuer Domain - the bank that issued the card being used
  • Interoperability Domain - the infrastructure provided by the credit card scheme to support the 3D Secure protocol.

How does it work?

A transaction using 3D Secure initiates a redirect to the website of the card-issuing bank to authorise the transaction. Each issuer may use any kind of authentication method (the protocol does not cover this), but typically a password-based method is used. In effect, buying on the Internet means using a password or code tied to the card.

Points to note:

  • 3D Secure payment security is only applicable to eCommerce/Internet transactions
  • MoTo transactions (Mail Order/Telephone Order) are not affected
  • Transactions that occur via a telephone or virtual terminal (i.e. MoTo) do not need 3D Secure (you can't ask the customer for their passphrase, as it is private)
  • Cardholder Not Present (CNP) transactions are those made when the cardholder is not physically present at the point of sale, i.e. on the Internet or on the telephone
  • Conversely, Cardholder Present (CP) transactions are those made when the cardholder is physically at the point of sale, e.g. in a retail store.