What is a 3D secure authentication and a 3D payment gateway?
By Storeplum Editorial
Posted | 6 min read
There has recently been a lot of talk around 3D payment gateways and how they are better for your online business. Frankly, the terms 3D payment gateway and 3D secure payments are not new. In fact, you must have definitely used this technology while making an online transaction.
A lot of ecommerce merchants are also familiar with this technology but they are just not aware of its technical term. In this article, we will explain the credit card authentication mechanism, its variants- 2D secure, 3D secure and payment gateways compatible with this technology. Let's go-
Table of Contents
1. How does credit card authentication work?
2. 2D secure and 3D secure authentication
3. 3D Secure 2.0 Authentication Process
4. Benefits of 3D Secure 2.0 or 3D Payment Gateway
5. Difference between 2D and 3D payment gateways
How does credit card authentication work?
Before we jump right into the working of credit card authentication, let's understand the entities involved in the process. A typical online transaction involves 4 entities-
- Merchant acquiring bank
- Payment gateway
- Customer's issuer bank
What happens when customers enter their card details on a website?
Customer information is securely sent electronically by the payment gateway to the credit card issuer (which is also the customer issuer bank in this case) for authentication.
In case of simpler authentication mechanisms like 2d secure, the issuer bank authenticates its customer information using fields like CVV, card expiry date and other relevant fields. The gateways which support this mechanism are also known as 2d payment gateways. On the other hand, most of the merchant banks on Visa and Mastercard network require users to authenticate themselves using additional steps like one time password (OTP) verification.
Payment gateway then initiates a charge request on the credit card networks like Visa, Mastercard, JCB, Rupay and others.
If the request in step 3 is approved, the payment gateway will initiate a credit card authorization to move the requested transaction amount from customer issuer bank (bank of the cardholder) to merchant acquiring bank.
If the authorization is successful, then the merchant acquiring bank will send this information to the payment gateway.
Payment gateway puts an "authorized" record to the customer issuer bank which means that the merchant acquiring bank is authorized to move the amount from the customer issuing bank.
Finally, the money is settled into a merchant acquiring bank.
This entire process happens in a matter of milliseconds.
Although we skipped internal details of the process here, these steps should give you a fair idea on what happens when you swipe your credit or a debit card on a checkout page of an ecommerce website.
2D secure and 3D secure authentication
The ecommerce boom since the last few decades have given rise to new payment options for credit card users- online payments. With online payments, a user does not have to physically present to authenticate the card information.
This brings up new challenges with card security like fraudulent charges, identity theft etc. In order to mitigate these risks, the European Payment Services Directive (PSD) came up with authentication mechanisms for online transactions. This scenario is also known as card-not-present.
2D Secure Authentication
A 2D Secure card authentication mechanism verifies the card holder's identity using his card number, expiry date, CVV and other relevant details. There's no additional verification at this point.
As it might be evident, 2D Secure solely relies on the card issuer network and their data on user authenticity for a given credit/debit card. This still exposes merchants to chargebacks and card holders with fraudulent charges. In such cases, the issuer bank attempts to resolve malicious activities if any.
Payment gateways supporting 2D secure authentication mechanisms are also known as 2D payment gateways.
3D Secure or 3DS Authentication
3D Secure protocol on the other hand implements a multi factor authentication (MFA) which validates a card holder using a one time password (OTP) on either their registered email or phone number or both.
This additional layer of security solves risk of fraud and related data breaches which are associated with 2D secure.
This protocol is now mandatory for all banks and credit card networks in Europe, USA as well as in some other nations like India and South Africa. Payment gateways supporting this protocol for online transactions are also known as 3D payment gateway.
Although 3DS solves the problem of fraud charges and identity thefts, it imposes new challenges like higher card abandonment rates on ecommerce websites.
The 3D Secure 2.0 mechanism solves this and other new issues with 3D Secure.
3D Secure 2.0 Authentication Process
3D secure 2.0 is a massive upgrade to the original 3DS protocol. The latter was developed in a time when online shopping over mobile phones and user interfaces for smaller devices were not taken into consideration. This led to a poor user experience, massive increase in cart abandonment and overall longer times to make an online purchase. 3D secure 2.0 solves majority of these issues and guarantees a smoother ecommerce checkout experience with help of something known as contextual transaction.
Let's take a quick look at this protocol in action-
- The card holder enters their credit card information on the merchant checkout page.
- The merchant's payment gateway (which is 3DS 2.0 enabled) securely transmits this information along with transactional data to the card holder's bank to check for validity and balance.
- The issuer bank now checks for the card holder's history, context of this transaction and a sequence of other rules to automatically authenticate this transaction.
- If the issuer banks comes to a conclusion that this is a high risk transaction, then it will pass this information to the payment gateway and ask user to authenticate themselves using a one time password.
- On the other hand, if this is a low risk transaction, then the issuer bank authenticates this transaction without any additional information.
- Finally, the merchant submits transaction for an authorization to move the amount from issuer bank to the merchant asking bank.
Benefits of 3D Secure 2.0 or 3D Payment Gateway
- Built-in authentication mechanism provides a better and mobile first user experience.
- It has been seen that 3D Secure 2.0 mechanism was able to reduce card abandonment rate by 75% in ecommerce websites.
- The overall time needed to complete a checkout process of online transaction has been reduced by 80%
- Extra layer of security helps merchants to accept payments without worrying about chargeback.
- Built in support by major payment gateways for international transactions.
Difference between 2D and 3D payment gateways
|3D Payment Gateway||2D Payment Gateway|
|Card payments are completed with an extra verification of the card owner using one time password.||Card payments are completed just using credit card number and CVV|
|Stolen cards won't be of any help without one time password verification. Prevents data breach.||Less secure due to inherent fear of risks like stolen card or loss of card|
|Can accept international currencies by default||Merchants have to go through additional paperwork and documentation in order to support international customers.|
|Integration of a 3d secure payment gateway is exactly same as that of a 2d payment gateway||Integration of a 2D payment gateway is no different than integrating a 3d secure payment gateway.|
|Service providers or merchants are at a lower risk of fraudulent charges||Merchant accounts are at higher risk of facing fraudulent charges using stolen credit/debit cards.|
|3d secure technology adds an additional verification step, leading to a less user friendly shopping cart experience||Overall online shopping experience is quick and easy for merchant's customers at the expense of credit card security|
|The level of security which is implemented in 3D Secure 2.0 is accredited by Payment Services Directive (PSD)||2D secure is an old protocol which is not recommended to use due to security reasons|
Is Stripe 3D Secure?
Yes, Stripe and major payment gateways in the USA and Europe are 3D Secure 2.0 compliant. This means that as a customer, you wouldn't have to worry about credit card fraud and related issues.
How do I get a 3D secure card?
Most of the credit card networks including Visa, Mastercard, AMEX, JCB are 3D Secure 2.0 compliant. This means that your debit and credit cards are 3D secure by default in the USA and Europe.
Storeplum's in-house editorial team brings to you the best content when it comes to growing your online business on the Internet. We write about growth hacks, case studies, government schemes and other related information for e-commerce business.