3D Secure: Strengthen online authentication and minimize friction Global adoption of 3D Secure is on the rise with card program providers now able to provide seamless authentication methods to cardholders to mitigate fraud

3D Secure

With billions of people avoiding brick-and-mortar stores due to COVID-19, it’s no surprise that global online transactions are rising. E-commerce sales in the U.S. during May 2020 surpassed those of the entire 2019 holiday season, according to some studies.1Adobe Blog: ‘Online Shopping During COVID-19 Exceeds 2019 Holiday Season Levels’ by Giselle Abramovich, June 12, 2020 In Europe, e-commerce sales in Germany, one of the region’s largest e-commerce markets, are expected to increase 20% alone in 2020, according to eMarketer.2eMarketer: Germany ecommerce sales will rise 16.2% in 2020, June 24, 2020 However, this substantial growth in digital payments has given fraudsters new opportunities to steal card credentials to make unauthorized purchases.  

On top of this new environment, Strong Customer Authentication (SCA) requirements under Payment Services Directive 2 (PSD2) are set to go into effect at the end of this year in most European countries, putting even more pressure on merchants and card issuers to secure online transactions.

With so many factors at play, card program providers need to think carefully about how they will protect their cardholders. One way to reduce risk while helping to meet regulatory requirements is by enabling 3D Secure.

3D Secure: a brief introduction 

The Three-Domain Secure (3D Secure or 3DS) is a security protocol created by EMVCo (a body made up of the major card networks) that protects online payments by enabling cardholders to authenticate themselves prior to authorization of payment. To cardholders, it is commonly known as Visa Secure or Mastercard SecureCode. The name 3D comes from the three domains involved in providing this added security:

The acquirer domain (i.e., the merchant)

The interoperability domain (i.e., the card network)

The issuer domain (i.e.,, the card issuer or card program provider)

For more information about the protocol, you can reference our 3D Secure resources

Improvements to 3D Secure protocol should drive global adoption

3D Secure often gets a bad rap — terms like “conversion killer” and “cart abandonment” have often been associated with the solution, because it requires cardholders to provide additional verification on certain transactions. While this criticism may have been valid with early versions of 3D Secure, cardholders, merchants, and issuers are seeing early benefits in the latest version of the protocol, 3D Secure 2 (3DS2 or EMV 3DS):

Merchants can share hundreds of contextual data points about the transaction with the card issuer to determine risk level.

Merchants and card issuers can leverage frictionless flow to remove extra verification steps for the cardholder when they believe the transaction is low risk or such steps are not required by law.

The protocol works across multiple channels, including online and mobile devices, giving cardholders seamless experiences anywhere they shop.

These enhancements should drive readiness in regulated markets like Europe, and also drive early adoption in unregulated markets that are less familiar with the benefits of 3D Secure. 

Marqeta, as an issuer processor, is one of the first providers to get certified on the EMV 3D Secure 2.2 protocol benefiting card programs that want to adopt the latest, user-friendly approaches to authentication.

New innovations in authentication are cutting out friction

Long gone are the days of having to use hard-to-remember, static passwords to establish your identity. Card programs can now utilize the latest technologies including fingerprint, facial scanning, and voice recognition to authenticate cardholders. These innovations, often incorporated into mobile apps, are minimizing steps in the checkout flow. Cardholders are also becoming increasingly comfortable with these new methods to verify their identity. 

With Marqeta, card program providers can customize the authentication experience to meet the unique needs of their cardholders using our open APIs. One example is our customer Twisto, a Central European financial services company, who is incorporating their own in-house risk data and the latest in biometric fingerprint technology to verify cardholders. 

“Our customers expect a seamless checkout experience with our mobile app and we knew we needed to find a solution that would help us reduce fraud, while also providing us full control over the cardholder experience. With Marqeta’s 3D Secure APIs, we were able to easily design the authentication process without adding unnecessary friction to the customer experience, and are now positioned to expand into new markets faster and more securely.” – Twisto Founder and CEO, Michal Smida

3D Secure shouldn’t be viewed as just a risk or compliance tool alone — it can help build trust with cardholders.

Marqeta recently surveyed over 4,000 consumers in the U.S. and U.K. about their shopping habits and experience with fraud. Surprisingly, 87% of respondents said that they would be “happy for transactions to take longer to complete, if extra steps for authentication meant their information was better protected.” This is good news for card program providers who are concerned that 3D Secure will add unwanted friction to the online shopping experience, potentially driving down card usage. With an added layer of security presented by card program providers in a seamless way, cardholders can comfortably shop online even more, knowing their card details are better protected.  

3D Secure will become a major part of e-commerce, partly due to regulations, but also due to the security and seamless experience it brings to cardholders to reduce online fraud. 

With Marqeta 3D Secure, card program providers can implement a customized authentication experience that their cardholders can trust without significantly impacting their shopping experience. Learn more about Marqeta 3D Secure.

Leave a Reply

Your email address will not be published. Required fields are marked *