3D Secure (3DS)


What is 3D Secure (3DS)?

3D Secure (3DS) is an advanced security protocol designed to bolster the safety of online transactions. By introducing an additional layer of authentication at the point of purchase, 3DS significantly mitigates the risk of unauthorized card use and combats online fraud. This technology evaluates several factors to authenticate a purchase, including the user's location, the card's purchase history, and the accuracy of personal data provided against the bank's records.

Evolution from 3DS1 to 3DS2

3D Secure 1 (3DS1)

The initial version of this protocol, 3DS1, added an extra authentication layer through a static password or a redirect to the issuing bank’s website. Although effective in enhancing security, it often led to a less smooth user experience, particularly in mobile transactions.

3D Secure 2 (3DS2)

The latest iteration, 3DS2, overcomes these user experience challenges. It allows authentication to take place in the background, often without needing direct input from the cardholder. This improvement is due to its ability to transmit more data during the transaction, enabling risk-based authentication. The result is faster transactions with less cart abandonment, without compromising on security.

Adoption rates and impact

The adoption rate of 3DS2 varies internationally, with notable differences between regions. For instance, Canada shows over 90% adoption, whereas the U.S. is at approximately 55%. This variation means that some customers might still experience the 3DS1 process, which can be less seamless. However, 3DS2 has been shown to dramatically reduce cart abandonment (by 70%) and increase checkout speed (by 85%), according to Visa.

TOOLBX's Implementation of 3DS

TOOLBX adopts a dynamic approach to implementing 3DS, aiming to balance fraud prevention with a positive customer experience. We apply 3DS in the following ways:

  1. For the first three transactions of a customer, to establish trust.

  2. Always for orders/order deposits exceeding $500, due to the higher financial risk (except for payments, where it is applied to all payments above $1,500).

  3. In scenarios where 3DS is not available, we add +55 to our risk scoring system. Transactions with a score above 65 go to case management for a more thorough review.

This strategy is formulated to allow genuine transactions while ensuring robust checks are in place, especially where 3DS is not available.
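The three rules above can be read as a single decision function. The sketch below is an added example, not TOOLBX's own code: the type and field names are hypothetical, `base_risk_score` stands in for whatever the rest of the risk scoring system produces, and it assumes the +55 is added whenever 3DS cannot be run for the card.

```python
from dataclasses import dataclass
from enum import Enum

# Values stated in the article
TRUST_BUILDING_TXNS = 3     # first three transactions get 3DS
ORDER_THRESHOLD = 500       # orders / order deposits exceeding $500
PAYMENT_THRESHOLD = 1500    # payments above $1,500
NO_3DS_PENALTY = 55         # added to the risk score when 3DS is unavailable
REVIEW_THRESHOLD = 65       # scores above this go to case management

class Kind(Enum):
    ORDER = "order"
    ORDER_DEPOSIT = "order_deposit"
    PAYMENT = "payment"

@dataclass(frozen=True)
class Txn:
    kind: Kind
    amount: float             # dollars
    prior_txn_count: int      # assumed: customer's transactions before this one
    base_risk_score: int      # assumed: score from the other risk signals
    three_ds_available: bool  # whether 3DS can be run for this card

@dataclass(frozen=True)
class Decision:
    request_3ds: bool
    risk_score: int
    case_management: bool
    reasons: tuple

def evaluate(txn: Txn) -> Decision:
    reasons = []
    if txn.prior_txn_count < TRUST_BUILDING_TXNS:
        reasons.append("first-three-transactions")
    limit = PAYMENT_THRESHOLD if txn.kind is Kind.PAYMENT else ORDER_THRESHOLD
    if txn.amount > limit:  # "exceeding": exactly the limit does not trigger
        reasons.append(f"amount-over-{limit}")
    policy_wants_3ds = bool(reasons)
    score = txn.base_risk_score
    if not txn.three_ds_available:
        # Assumption: the penalty applies whenever 3DS cannot be run
        score += NO_3DS_PENALTY
        reasons.append("3ds-unavailable-penalty")
    return Decision(
        request_3ds=policy_wants_3ds and txn.three_ds_available,
        risk_score=score,
        case_management=score > REVIEW_THRESHOLD,
        reasons=tuple(reasons),
    )
```

With these numbers, a transaction that cannot use 3DS goes to case management as soon as its score from other signals is above 10.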

Limitations of 3DS

While 3DS is effective in protecting against many types of fraud, it does not cover all scenarios. Notably, it doesn't protect against chargeback or refund fraud, often termed 'friendly fraud'. This occurs when a customer makes a purchase and then requests a chargeback after receiving the goods or services, exploiting the process to gain undeserved refunds.

Furthermore, while 3DS is implemented by all card issuers, adoption among banks varies. This means that not all transactions are able to pass through 3DS.

Handling chargebacks in 3DS transactions

In cases where a 3DS-verified transaction results in a chargeback, the liability shifts to the card issuer, protecting the dealer from fraud-related losses. However, situations not covered by 3DS, such as friendly fraud, may require the dealer to decide whether to dispute the chargeback.

For more information on disputing a chargeback, read our article on chargebacks & dispute management.