Breadcrumb

What Is 3D Verification?

Written by

The GoCardless content team comprises a group of subject-matter experts in multiple fields from across GoCardless. The authors and reviewers work in the sales, marketing, legal, and finance departments. All have in-depth knowledge and experience in various aspects of payment scheme technology and the operating rules applicable to each. The team holds expertise in the well-established payment schemes such as UK Direct Debit, the European SEPA scheme, and the US ACH scheme, as well as in schemes operating in Scandinavia, Australia, and New Zealand. See full bio

Last editedMar 20222 min read

3D verification is designed to add an additional layer of security at checkout to authenticate cardholders during payment processing. With 3D verification customers are asked to complete an extra step with their card issuer when they're purchasing an item or service online. This typically involves them being directed to an authentication page on a bank’s website, where they have to enter a password associated with their card. Customers may also need to enter a code that’s been sent to their phone.

Most customers are now familiar with the credit card authorisation process, and recognise their card issuer’s brand names for 3D verification – for example, Visa Secure and Mastercard Identity Check.

In this post we’ll ask what is 3D security and explain how to set up 3D secure for your business.

What is 3D secure authentication and how does it work?

3D secure authentication is based on a three-domain model (which is why it’s called 3D). These domains are:

Acquirer domain: The merchant and the bank into which payment is made
Issuer domain: The card issuer
Interoperability domain: The infrastructure provided by the credit card scheme required to support the 3D secure authentication

3D secure works by initiating a redirection to the card issuer’s website to authorise a transaction. Issuers can use any authentication method they prefer, but generally, it’s via the use of a password or code that’s linked to the user’s card.

What is “3D secure authentication failed”?

When users receive a “3D authentication failed” error it means that the information wasn’t entered successfully. Cardholders need to repeat the process, and check that double caps lock isn’t on and there are no typing errors. Verification could also fail if you have a pop-up blocker installed which restricts the additional 3D page from opening. Once you’ve disabled the pop-up blocker it should be possible to continue to the authentication page.

Most major card providers now use 3D secure technology; however, it could be the case that your bank isn’t yet enrolled in the 3D secure authentication program.

If the error remains after re-entering the passcode, it’s a case of contacting the card issuer to resolve the problem.

What is 3D secure applicable to and which countries use it?

3D secure is applicable to ecommerce and online payments, i.e., “card not present” transactions. It doesn’t apply to mail order or telephone order payments. Transactions carried out over the phone or via a virtual terminal do not require 3D secure authentication. The reason: Asking someone for a code or password over the phone would not be private.

3D secure is used in the EU, Australia, Brazil, India, Mexico, and other countries. It’s not prevalent in the US, however.

What are the advantages of 3D security?

3D security offers numerous benefits including:

Helping to prevent fraud
Protecting against unauthorised chargebacks
Passing liability to a card payment provider
Preventing card details being stolen

Once a payment is approved the merchant no longer remains liable for chargebacks and refunds, so 3D authentication benefits sellers as well as consumers.

What is 3D security set up?

It’s easy to set up 3D authentication on a website simply by linking a 3D secure API to the shopping cart. Ecommerce platforms like Shopify can do this for you automatically. 3D secure authentication is also standard with many payment gateways.

To be able to accept credit card payments with 3D authentication you’ll need to have a merchant account to hold processing funds. You’ll also need to make sure you are PCI compliant so that you’re keeping customer data safe while it's being stored, processed, and transmitted.

Being fully PCI compliant, and incorporating 3D security protocols, is the best way to ensure your customers have the safest experience when shopping in your online store.

We can help

GoCardless helps you automate payment collection, cutting down on the amount of admin your team needs to deal with when chasing invoices. Find out how GoCardless can help you with ad hoc payments or recurring payments.