When booking planes, hotels or even buying clothes, many people pay online with their credit cards. Since this involves transferring sensitive information, special precautions must be taken to ensure customer safety. In the course of the PSD2 (Payment Services Directive in the European Union), the EU has now made even stronger demands on payment systems on the internet - and credit card companies have reacted accordingly. With the new version of the 3D Secure process, VISA and Mastercard comply with EU regulations and improve customer protection worldwide.
In 2000, VISA developed a procedure that made using credit cards on the internet safer. The company itself uses the technology, under the name “Verified by VISA”. At the same time, other credit card providers have also implemented the security mechanism. For example, 3D Secure is known as “SecureCode” (now “Identity Check”) for MasterCard, “SafeKey” for American Express and “J/Secure” for JCB.
Previously, paying via credit card on the internet was very simple: you entered your credit card information, and confirmed possession of the card with the Card Validation Code (CVC), which can be found on the back. However, this method was not particularly secure.
As E-Commerce continues to develop and more and more people use online payment methods, the interest in online fraud is also increasing. Phishing and social engineering are common ways in which criminals access data. 3D Secure was developed in order to prevent this.
In addition to the information contained on the card, 3D Secure’s authentication procedure requires additional information, such as a password, that only the cardholder knows. This is known as two-factor-authentication: two different steps are required to complete a card transaction.
Using static passwords is a security risk: if a third party acquires this information, security is compromised. Dynamic methods that adapt to each process are therefore better suited. For example, a text message with a secure code, generated according to cryptic procedures, that can only be used for one particular payment.
Both customers and online retailers were dissatisfied with the first version of 3D Secure. The website for entering the additional security factor was poorly designed, and the application and use of the required password were unclear. Furthermore, the process could not be easily integrated into mobile apps. Customers were frustrated and cancelled orders, which is never good for business.
The second version of 3D Secure - also known as 3DS2 - addresses these issues and enhances security. The new features also comply with the new EU Payment Services Directives. In addition, the credit card companies are responding to technical developments with the new version. Today, modern devices (e.g. smartphones) use authentication methods with biometric data: by fingerprint or by analyzing facial features.
3D Secure 2.0 is designed so that online merchants can integrate the procedure into the payment process, resulting in a more pleasant shopping experience for the customer. In addition, it should be an intelligent system. The authentication method therefore adapts to the risk, which means that lower security requirements apply to small amounts than to large amounts. In addition, 3DS2 can also be used for mobile payments and works with bank apps.
The 3D Secure process has advantages for both retailers and consumers, but also disadvantages.
| Pros | Cons |
|---|---|
| ✔ More security for customers | ✘ More effort for customers |
| ✔ Credit card providers bear the costs of fraud despite 3D Secure (liability reversal) | ✘ Lower conversion rates |
| ✔ Procedure is free of charge for all | ✘ 100% security cannot be guaranteed |
For customers, the 3D Secure process should make it easier and better to pay online. Rather than trying the outdated process or abandoning the security check altogether, they can now benefit from a secure and modern process. Customers should be aware of this:
Even with 3D Secure, users should pay attention on the internet when paying with their credit card. The data may only be entered if you are sure that you are on the correct website. A valid SSL certificate is an indication that you can trust the site.
The EU’s PSD2 stipulates that from 14 September 2019 online payments must meet special security standards. 3D Secure payments meet the new requirements. In order to be able to use the new procedure, online merchants must contact their payment service provider (PSP). The PSP should offer a technical solution that merchants then only have to implement in their online shop.
It is advisable for merchants to offer 3D Secure in their online stores. The new system is much more customer-friendly, takes place entirely on the merchant’s website, and increases consumer confidence in e-commerce. This in turn leads to more conversions and therefore more sales.
Just a few years ago, the prospect of paying for goods and services online was unimaginable. But in many industries today internet shopping has overtaken high street retail. As a result, online payment services like PayPal have become very popular, with many customers considering them a decisive factor when shopping online. So how do these payment gateways actually function? We’ll explain this...
Google wants to revolutionize the way you pay, both online and offline. Google Pay enables quick and simple payments between people, and stores any number of bank accounts and credit cards at the same time. The mobile payment app could even make cash superfluous in the future – replaced by cashless payment via mobile phone. Here, we explain how the service works and how you can set it up.
Mobile payment is on the advance worldwide. The leading providers of mobile payment alternatives have also gained a foothold in the United States. However, many Americans are still not convinced by the new technology. We give you an overview of the most frequently used mobile payment apps in the US, their functionality, and security features.
When it comes to making payments on the internet, customers favor security and convenience over everything else. The payment process shouldn’t take long and must meet data protection requirements - after all, this is very sensitive data. Regarding PSD2, the EU is presenting a new version of the Payment Services Directive that regulates online payments more thoroughly and promotes competition among...
Provide powerful and reliable service to your clients with a web hosting package from IONOS.
View packages
