In 2000, VISA developed a procedure that made using credit cards on the internet safer. The company itself uses the technology under the name “Verified by VISA”. In the meantime, other credit card providers have also implemented the security mechanism. For example, 3D Secure is known as “SecureCode” (now “Identity Check”) for MasterCard, “SafeKey” for American Express and “J/Secure” for JCB.
Previously, paying via credit card on the internet was very simple: you entered your credit card information, and confirmed possession of the card with the Card Validation Code (CVC), which can be found on the back. However, this method was not particularly secure.
As e-commerce continues to develop and more and more people use online payment methods, interest in online fraud is also increasing. Phishing and social engineering are common ways in which criminals gain access to card data. 3D Secure was developed to prevent this.
In addition to the information contained on the card, 3D Secure’s authentication procedure requires additional information, such as a password, that only the cardholder knows. This is known as two-factor authentication: two different steps are required to complete a card transaction.
Using static passwords is a security risk: if a third party acquires this information, security is compromised. Dynamic methods that adapt to each process are therefore better suited. One example is a text message with a secure code, generated using cryptographic procedures, that can only be used for one particular payment.
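The following sketch shows how a code can be tied to one particular payment. It is an added example, not taken from the 3D Secure specification or from any card provider's implementation; the HMAC-based construction, the class `PaymentCodeIssuer` and the payment field names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import json
import secrets


class PaymentCodeIssuer:
    """Card-issuer side (hypothetical): one-time codes valid for exactly one payment."""

    def __init__(self, key: bytes):
        self._key = key          # secret known only to the issuer
        self._pending = set()    # nonces of codes issued but not yet checked

    def _code(self, payment: dict, nonce: str) -> str:
        # Bind the code to the payment details; JSON gives an unambiguous encoding.
        fields = [payment["card_ref"], payment["merchant"],
                  payment["amount_cents"], payment["currency"], nonce]
        digest = hmac.new(self._key, json.dumps(fields).encode(), hashlib.sha256).digest()
        return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"

    def issue(self, payment: dict) -> tuple[str, str]:
        """Return (nonce, code): the nonce stays with the checkout session,
        the code goes to the cardholder, e.g. by text message."""
        nonce = secrets.token_hex(16)
        self._pending.add(nonce)
        return nonce, self._code(payment, nonce)

    def verify(self, payment: dict, nonce: str, code: str) -> bool:
        # Single use: the nonce is consumed on the first attempt, right or wrong.
        if nonce not in self._pending:
            return False
        self._pending.discard(nonce)
        expected = self._code(payment, nonce)
        return hmac.compare_digest(expected.encode(), code.encode())


if __name__ == "__main__":
    issuer = PaymentCodeIssuer(secrets.token_bytes(32))
    # Constructed sample payment, not real data.
    payment = {"card_ref": "card-0001", "merchant": "shop.example",
               "amount_cents": 4999, "currency": "EUR"}
    nonce, code = issuer.issue(payment)
    print("accepted:", issuer.verify(payment, nonce, code))
    print("replayed:", issuer.verify(payment, nonce, code))
```

Unlike a static password, a code intercepted here cannot be reused for a second payment or for the same payment with a changed amount or merchant, because the check recomputes the code from the payment details and discards it after one attempt.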
Both customers and online retailers were dissatisfied with the first version of 3D Secure. The website for entering the additional security factor was poorly designed, and the application and use of the required password were unclear. Furthermore, the process could not be easily integrated into mobile apps. Customers were frustrated and cancelled orders, which is never good for business.
The second version of 3D Secure, also known as 3DS2, addresses these issues and enhances security. The new features also comply with the new EU Payment Services Directives. With the new version, the credit card companies are also responding to technical developments: today, modern devices (e.g. smartphones) use authentication methods based on biometric data, such as a fingerprint or an analysis of facial features.
3D Secure 2.0 is designed so that online merchants can integrate the procedure into the payment process, resulting in a more pleasant shopping experience for the customer. It is also meant to be an intelligent system: the authentication method adapts to the risk, which means that lower security requirements apply to small amounts than to large amounts. In addition, 3DS2 can be used for mobile payments and works with bank apps.