To protect themselves against illegitimate chargebacks, e-commerce services have the option to use 3D Secure, i.e., a mechanism to authenticate cardholders with two-factors.
- 3D Secure brand identities;
- 3D Secure sequence of steps;
- 3D Secure, to increase security; and
- 3D Secure: To shift liability.
3D Secure brand identities
The 3D Secure brand identities are:
|Visa||Verified by Visa|
|American Express||AMEX SafeKey|
3D Secure sequence of steps
In practice, a 3D Secure authentication for a buyer is a sequence of four
|1||Cardholder inputs its credit card number and CVC code.|
|2||Payment provider redirects to issuer’s 3D Secure authentication page.|
|3||Cardholder answers challenge: pass- word, birthdate, code sent to phone or email.|
|4||Cardholder redirected to merchant’s website by issuer.|
3D Secure, to increase security
By using 3D Secure, e-commerce services know that the cardholders are
authenticated with two factors, which reduces the likelihood that the
payments made are fraudulent, but merchants are also insured against the losses
due to payment fraud. This protection is called the liability shift.
If the buyer successfully completes the 3D Secure challenge, then the merchant
is granted the guarantee of the payment. However, if the client does not
successfully complete the challenge and the merchant still wants to process the
payment, then the merchant is liable when the payment is a fraud.
3D Secure: To shift liability
The liability shift is a sort of insurance for payments made with 3D Secure
authentication. It protects merchants against the losses due to payment fraud
by transferring the responsibility to the issuing banks, whose role was to
authenticate the cardholder. However, limits apply to the liability shift.
For example, if more than 2% of an e-commerce service’s sales volume is
fraudulent, the card networks will look carefully at the merchant account and,
if the fraud rate does not reduce rapidly, the e-commerce service may become
liable for the 2%+ charge- backs.
And if the situation does not improve, the e-commerce service may lose its
ability to accept payments from this card brand, which is a catastrophic
scenario for a merchant.