What is 3-D Secure?


There’s been plenty of talk about 3-D Secure over the course of the last few years. Recently, however, we’ve been hearing a lot more about it as banks move to require that merchants offer this service to customers of their E-Commerce websites. Nevertheless, many merchants are still wondering what 3-D Secure is exactly and what it will mean for their online business.

Originally developed by Visa as Verified by Visa and since adopted by MasterCard, 3-D Secure is an additional layer of security for online credit card and debit card transactions.

Everybody remembers when the Card Security Code (a.k.a. Card Verification Value, CVV, CV2, CVC, CVVC etc…) came in. These are the three digits on the back of your credit card required to verify a transaction when you use a card online or over the phone. The idea is that it verifies the credit card in Card Holder Not Present transaction situations.

3-D Secure is the latest such security measure. Each cardholder will create a password which is associated with the card. When a transaction is underway online, the cardholder will be redirected to a third-party site representing the Card Issuing Authority, and asked for this password to authenticate the online transaction.

The obvious advantage to the cardholder is the added layer of security that a password brings. While card numbers and expiry dates etc may still be copied by fraudsters – they will also need the cardholder’s password to use the card.

But how do you, the merchant, benefit?

Without 3-D Secure, if a fraudster on the other side of the globe orders a grand’s worth of merchandise from you, and you unwittingly send it off, you are liable for this fraudulent transaction. This is the case even if the transaction is fully authorised by the CVV Number. When the legitimate cardholder complains that a fraud has taken place and demands a chargeback you must return the money paid to you as part of the transaction. So you’re out of pocket and your merchandise is lost.

However, if you have used 3-D Secure to authorize the transaction you will not be liable in the case of a fraud. Your goods are gone – but you keep the money paid for them.

At StudioForty9, we will be rolling out the 3-D Secure ready version of our HSBC Payment Gateway Module for Magento. If you have any questions about this module, or if you would like to be notified of its release (estimated as Dec. 1st, 2009) {encode=”info@studioforty9.com” title=”please contact us”}

Gerard Keohane
Gerard Keohane |