3D Secure Authentication
3D Secure provides an additional level of protection against fraudulent payments and is supported by most card issuers. The Strong Customer Authentication regulation was introduced in September 2019 in Europe and mandates the use of 3D Secure when making card payments online. When enabled, 3D Secure requires cardholders to complete an additional verification step which is controlled by the bank that issued the card. Typically, this involves showing the cardholder a verification page on their bank’s website. This page usually asks the cardholder to enter a password linked with their card or a single-use code sent to their phone. All card schemes brand the service differently, such as Verified by Visa and Mastercard SecureCode.
How 3D Secure benefits merchants
Payments that are successfully authenticated using 3D Secure are covered by shift in liability from a chargeback perspective. This means that if cardholder disputes a 3D Secure authenticated payment as fraudulent, the liability shifts from the merchant to the card issuer and such payments are not eligible for a chargeback in this category.
A shift in liability can also occur if the card or issuer isn’t 3D Secure enabled but could support 3D Secure which most cards today do. In such cases, the cardholder isn’t taken through the 3D Secure authentication flow when making a payment since the card is not registered for 3D Secure. However, the liability still shifts to the issuer because they have chosen not to enable 3D Secure.