In the age of eCommerce, customers have more ways to pay than ever. Online credit card payments, digital wallets, and more have emerged onto the scene as a necessary part of shopping online. Of course, since the customer is not present with their credit card in hand, online transactions require additional security measures to verify the customer's identity.
As technology advances, and the way we do business changes, fraudulent activity also adapts. Criminals are always willing to take on the newest technology, and eCommerce businesses are pitted against them in a digital arms race. Card-not-present (CNP) transactions are naturally harder to verify, so additional security measures need to be in place to prevent fraud.
3D Secure (3 Domain Secure) 2.0 implements new technology to shift the burden of fraud prevention away from the merchant and to the payment provider. A customer's transactions and identity are verified through a system that utilizes a large amount of information to determine whether a payment is fraudulent or valid, while keeping the customer's checkout experience as smooth as possible.
The major credit card providers have each implemented 3D
Secure 2.0 in their own way to create their own branded services.
Discover's 3D Secure 2.0 implementation is ProtectBuy, available on the Discover and Diner's Club cards. It works by sending customers a one-time verification password if their transaction is identified as high-risk. Learn more about Discover ProtectBuy.
Visa was the original developer of 3D Secure 1.0, a previous version of the technology. Verified by Visa offers enrollment for eCommerce stores as well as individual cardholders who want to use an extra layer of security wherever they shop. Learn more about Verified by Visa.
Mastercard SecureCode is an extra layer of credit card security based on the 3D Secure 2.0 protocol, and is designed to protect both cardholders and merchants from the fraudulent activities of online thieves. When an enrolled cardholder shops at a participating online store, they'll need to use a personal code to verify their transactions. Better yet, the SecureCode Plus option exchanges authentication data in the background, determining if the customer's purchase matches their known devices, location, buying habits, or other behavioral patterns. Learn more about Mastercard SecureCode.
American Express offers a 3D Secure 2.0 implementation in SafeKey, which is targeted at merchants rather than individual customer enrollment. When a high-risk transaction is detected, SafeKey sends a time-sensitive request in which the customer is given 10 minutes to enter a One-Time Code (OTC) and/or the 3-digit number on the back of their card. Learn more about American Express SafeKey.
3D Secure 2.0 works in the background, transferring data between the online merchant and the customer's credit card provider. The transferred data covers multiple aspects of the customer's shopping history that can help verify their identity, such as the device they're using, their spending patterns, and more. The more data transferred, the more secure the identification, resulting in decreased fraud as well as fewer false-positives.
Since data is exchanged directly between the merchant and the card issuer, the customer doesn't experience any inconvenience on their end — no browser redirect, and in most cases no need to enter additional authentication information. Only about 5% of transactions are identified as high-risk and will require customer verification. The verification itself takes only a few moments and is not inconvenient to the customer. For example, a one-time passcode may need to be entered, and biometrics-enabled devices like Apple's Touch ID may require the customer to enter their fingerprint.