What is 3D Secure?

3D Secure is a protocol (set of rules) that provides extra protection for merchants and customers for online payments. It is used to authenticate the cardholder during payment processing, similar to entering a PIN for an ATM or EFTPOS transaction.

You have almost certainly seen 3D Secure in action if you’ve recently shopped online. It usually takes the form of a “One-Time Password” (OTP) sent to your mobile or email address, or delivered via the banking app installed on your smartphone.

The basic concept of the protocol is to tie the financial authorisation process to an online authentication. This authentication is based on a three-domain model (hence the 3-D in the name). The three domains are:

  • Acquirer Domain – the merchant and the bank to which money is being paid
  • Issuer Domain – the bank that issued the card being used
  • Interoperability Domain – the infrastructure provided by the credit card scheme to support the 3D Secure protocol

How does it work?

A transaction using 3D Secure will initiate a redirect to the website of the card-issuing bank to authorise the transaction. Each issuer could use any kind of authentication method (e.g. SMS or mobile app), but typically a password-based method is used. So, in effect, buying on the Internet means using a password or code tied to the card.