Loading...
Search results:


June 6, 2017

About 3D Secure: Brand identities, protocol, security, and liability shift

About 3D Secure: Brand identities, protocol, security, and liability shift

To protect themselves against illegitimate chargebacks, e-commerce services have the option to use 3D Secure, i.e., a mechanism to authenticate cardholders with two-factors.

  1. 3D Secure brand identities;
  2. 3D Secure sequence of steps;
  3. 3D Secure, to increase security; and
  4. 3D Secure: To shift liability.

3D Secure brand identities

The 3D Secure brand identities are:

Card brand Mechanism
Visa Verified by Visa
MasterCard MasterCard SecureCode
American Express AMEX SafeKey

3D Secure sequence of steps

In practice, a 3D Secure authentication for a buyer is a sequence of four
steps.

Description
1 Cardholder inputs its credit card number and CVC code.
2 Payment provider redirects to issuer’s 3D Secure authentication page.
3 Cardholder answers challenge: pass- word, birthdate, code sent to phone or email.
4 Cardholder redirected to merchant’s website by issuer.

3D Secure, to increase security

By using 3D Secure, e-commerce services know that the cardholders are
authenticated with two factors, which reduces the likelihood that the
payments made are fraudulent, but merchants are also insured against the losses
due to payment fraud. This protection is called the liability shift.

If the buyer successfully completes the 3D Secure challenge, then the merchant
is granted the guarantee of the payment. However, if the client does not
successfully complete the challenge and the merchant still wants to process the
payment, then the merchant is liable when the payment is a fraud.

3D Secure: To shift liability

The liability shift is a sort of insurance for payments made with 3D Secure
authentication. It protects merchants against the losses due to payment fraud
by transferring the responsibility to the issuing banks, whose role was to
authenticate the cardholder. However, limits apply to the liability shift.

For example, if more than 2% of an e-commerce service’s sales volume is
fraudulent, the card networks will look carefully at the merchant account and,
if the fraud rate does not reduce rapidly, the e-commerce service may become
liable for the 2%+ charge- backs.

And if the situation does not improve, the e-commerce service may lose its
ability to accept payments from this card brand, which is a catastrophic
scenario for a merchant.

Credits : Image by Michal Jarmoluk from Pixabay