What is 3D Secure & Does It Prevent Chargebacks?

As a customer, I’ve often found 3D Secure frustrating since it can delay purchases. But I wanted to understand why merchants use it and whether it’s truly beneficial for preventing chargebacks.

I’ll explain what it is, how it works, and provide other useful information.

Let’s dive into what 3D Secure is.

Key Takeaways

• 3D Secure can reduce fraud-related chargebacks by up to 70%.
• It’s compatible with all major card brands’ authentication systems.
• 3D Secure is legally required in the EU, UK, and other countries.
• The 2.0 version cuts cart abandonment by 70% over the original version.
• Ideal for merchants prioritizing secure, fraud-resistant payments.

This technology is only good for preventing fraud-related chargebacks. To prevent other chargeback types, you’ll need tools like chargeback alerts. We provide them. Learn how they can help.

While 3D Secure is effective for fraud-related chargebacks, it won’t prevent all types. To protect against other chargeback types, tools like chargeback alerts are essential.

We offer these tools. See how they can help.

What is 3D Secure?

3D Secure (3DS) is an authentication protocol that protects online card payments through additional verification steps. It connects card issuers, merchants, and payment networks to prevent unauthorized transactions.

‍

The three “D’s” in “3DS” refer to different domains:

• Acquirer Domain: The merchant’s bank or payment processor.
• Issuer Domain: The cardholder’s bank.
• Interoperability Domain: Infrastructure supporting 3D Secure protocols.

Each card brand has its own version of 3D Secure. Let’s explore those.

Summary: Makes customers authenticate purchases with passwords or biometrics.

Types of 3D Secure

You’re likely to encounter one of these 3D Secure versions:

• Visa Secure
• Mastercard Identity Check
• American Express SafeKey
• Discover/Diners Club International ProtectBuy
• JCB J/Secure

All these programs function similarly, though they have slight differences. Let’s go over them one by one.

We’ll begin with the first iteration of 3D Secure.

1. Visa Secure

Visa Secure is an authentication program that protects online purchases with your Visa card. When shopping at participating merchants, you verify your identity through text codes, emails, or security questions.

Visa was the first to roll out their 3D Secure solution, but it was under the name “Verified by Visa.”

2. Mastercard Identity Check

Mastercard Identity Check uses EMV 3D Secure technology to verify shoppers’ identities. For each purchase, it generates a unique token that requires cardholders to confirm transactions through PIN codes, SMS, or biometric authentication.

This program is exclusively for Mastercard transactions.

3. American Express SafeKey

SafeKey is American Express’s 3D Secure solution. It enhances security by authenticating cardholders at checkout, often through a one-time passcode. While similar to Visa Secure, SafeKey is specifically tailored to American Express, with unique integration features.

4. Discover/Diners Club ProtectBuy

ProtectBuy adds an extra security layer for online purchases with Discover and Diners Club. It requests authentication data, like a one-time passcode, at checkout without requiring additional software.

It’s not much different from other 3DS iterations.

5. JCB J/Secure

J/Secure is JCB’s 3D Secure implementation. It protects JCB cardholders by requiring a one-time passcode or similar verification to confirm purchases.

How does 3DS work in general?

How Does 3D Secure Work?

Most 3D Secure systems work as follows:

1. The shopper enters their card details during checkout on the merchant’s website.
2. The seller’s payment gateway sends the transaction details to the cardholder’s bank.
3. The bank checks if the card is enrolled in 3D Secure.
4. If enrolled, the customer is redirected to a secure verification page.
5. They verify their identity using SMS, biometrics, bank app approvals, or security questions.
6. The bank validates the verification response.
7. The customer is redirected back to complete the purchase.
8. The transaction processes with added fraud protection.

During verification, around 150 data points are sent, including the IP address, transaction amount, and other details. This data serves to confirm that the order is legitimate.

If the bank considers the transaction low-risk, no further authentication is required. When in doubt, 3D Secure activates, further confirming the cardholder’s identity.

Not all purchases require 3D Secure — unless mandated by law.

Regions requiring 3D Secure include:

• European Union
• United Kingdom
• Bangladesh
• Malaysia
• Nigeria
• India
• Singapore
• South Africa

3D Secure isn’t mandatory in the USA.

When 3D Secure is used, customers go through one of two flows:

1. Frictionless Flow

In the Frictionless Flow, authentication happens in the background without customer action.

Here’s what happens:

• The cardholder enters payment information on the merchant’s site or app.
• The system verifies the card’s 3D Secure enrollment.
• The card provider assesses transaction risk (e.g., purchase amount, location).
• If low-risk, the transaction is authenticated and approved automatically.
• The cardholder receives payment confirmation.

Here, the card provider uses advanced data analysis to assess the transaction's risk level.

If deemed low-risk, the payment proceeds without further authentication.

This flow offers a friction-free experience for the customer while still benefiting from the security of 3DS.

2. Challenge Flow

In the Challenge Flow, higher-risk transactions require further authentication.

Here’s the process:

• The cardholder submits payment information.
• The system verifies the card’s 3D Secure enrollment.
• The card provider flags the transaction for additional verification.
• The cardholder is redirected to a secure 3D Secure page.
• The cardholder completes authentication via:
  • One-time SMS code
  • Pre-set password or security question
  • Biometric data (e.g., fingerprint or facial scan)
• After authentication, the cardholder returns to the merchant’s site to complete the purchase.
• The cardholder receives payment confirmation.

This happens when the card provider determines that the transaction is higher risk or requires more verification.

Here’s an example of what that would look like:

Source: Visa

There’s one more thing we need to cover before moving onto a different topic.

What are ECI Indicators?

An Electronic Commerce Indicator (ECI) is a 2-digit code assigned during 3DS transactions. Representing the authentication outcome of the cardholder's identity check. These codes, made by the Directory Server and Access Control System (ACS), help merchants gauge transaction security.

ECI codes classify transactions as::

• Successful: Cardholder identity confirmed by the issuer.
• Attempted: Customer isn’t enrolled in 3D Secure.
• Failed: Authentication unsuccessful.

Different 3D Secure iterations (e.g., Visa Secure, ProtectBuy) have unique ECI indicators for each status. For instance, Visa uses “06” for attempted authentication, while Mastercard Identity Check uses “01.”

Most payment processors require ECI indicators for authorization requests. Skipping these may lead to fines, account termination, or blacklisting from future credit card processing.

You likely want to know whether 3DS prevents chargebacks. Let’s figure that out.

Summary: A 2-digit code that represents an authentication outcome.

Does 3D Secure Prevent Chargebacks?

Some platforms report that 3D Secure reduces fraud-related chargebacks by up to 70% [1]. Another study suggests that Visa Secure reduces fraud dollars lost by 40% [2].

But:

3D Secure primarily guards against fraud-related chargebacks. It doesn’t cover other chargeback types, like merchant errors, which account for about 40% of all chargebacks.

Non-delivery, customer dissatisfaction, and processing errors fall under this category.

3D Secure can help prevent “friendly fraud,” which constitutes up to 75% of chargebacks. As well as true fraud, making up about 1% of disputes.

While these figures may not fully align across sources, they emphasize that fraud prevention requires multiple tools.

I digress.

There isn’t a single fraud code that’s used among all card brands. You’d need to refer to the different chargeback reason codes that fall under this category.

Explore these guides for more information:

• Visa reason codes
• Mastercard
• Discover/JCB
• American Express

Reducing chargebacks requires a multi-faceted approach. Let’s explore other preventive measures.

Summary: It can help reduce fraud-related chargebacks.

Additional Methods to Prevent Chargebacks

Here are other ways to prevent chargebacks:

• Chargeback alerts: Get alerts to respond quickly and prevent disputes.
• Order Insight and Consumer Clarity: Increase transparency.
• Clear return policies: Minimize confusion with well-communicated return processes.
• Accurate product descriptions: Ensure product details match customer expectations.
• Strong customer support: Resolve issues directly before they escalate to chargebacks.

Let’s dive deeper into each of these methods.

Chargeback alerts charge per alert and let you know ahead of time when a chargeback is coming. Giving you a chance to refund the customer before it escalates. If you refund them, there’s no dispute. Meaning, no chargeback to add onto your chargeback rate.

From one study, we’ve noticed that each of the following enrollments prevented the following numbers of disputes:

• Ethoca Alerts: 57%
• Rapid Dispute Resolution (RDR): 31%
• Consumer Dispute Resolution Network (CDRN): 12%

Combined, these prevented up to 91% of chargebacks for a website. Everyone won’t see these results. As the results will vary by industry, product sold, and other factors. But if you’re looking for an effective way to prevent them…

This is the way:

‍

Wait…

What do “CDRN”, “Ethoca”, and “RDR” even mean? They’re all different alert enrollments. The main difference among them is the card networks they support.

We cover the differences more in depth in a separate piece.

Consumer Clarity (Ethoca/Mastercard) and Order Insights (Visa/Verifi) is more-so for orders customers “forgot” they made.

They’re basically digital receipts that give customers more details on their purchases. Their objectives are to reduce friendly fraud chargebacks. This dispute type makes up for more than 70% of all disputes.

Are they effective?

• Western sellers reduced chargebacks by up to 23% with Consumer Clarity.
• Latin American sellers saw up to a 70% reduction.
• Order Insights prevented 45 – 70% of eligible chargebacks.

You have a lot of ways to prevent chargebacks available. And we cover more prevention methods in a separate guide. Check it out.

If your chargeback rate gets too high, you’ll need to consider chargeback management services. They’ll cost an arm and a leg to use, but they combine the above tools and more to lower your chargeback rates.

These are only necessary if you’re in a dispute monitoring program. Sticking with chargeback alerts and the other above tools should be good enough in many cases.

Otherwise:

Focus on the fundamentals of your business.

Improving your product descriptions, policies, and customer service also lowers chargeback and churn rates. Making your descriptions more accurate may also help prevent you from breaking any false advertising laws.

Now you know some ways to fight chargebacks. Is 3D Secure worth adding to your arsenal of tools?

Glossary: Churn rate is the percent of customers that stop doing business with you.

Benefits of Using 3D Secure

The key benefits of using 3D Secure are:

• PSD2 compliance: Ensures compliance with PSD2 in the EU, securing online transactions.
• Liability shift: Transfers fraud liability from the merchant to the card issuer after authentication.
• Reduced churn: Provides a secure, seamless checkout that can reduce abandoned carts.
• Increased credibility: Enhances customer trust with added security.
• Interchange benefits: May lead to lower interchange fees and better payment terms with some acquirers.
• Fraud reduction: Adds an authentication layer to minimize fraud.
• Device and wallet support: Enables secure payments across digital wallets and in-app purchases.

Most of these require context and clarity. We already covered 3DS’ effectiveness in combating fraud. And support across devices is self-explanatory.

Let’s begin with something that’s not.

1. PSD2 Compliance

The Revised Payment Services Directive (PSD2) is an EU regulation designed to enhance online payment security, promote innovation, and reduce fraud across Europe.

It mandates Strong Customer Authentication (SCA) for most electronic payments. Requiring two-factor authentication to verify the identity of the person making a transaction. 3DS complies with PSD2 by enabling SCA through multi-factor authentication.

Merchants who use 3DS can meet PSD2 requirements. Ensuring legal compliance and avoiding penalties that could arise from non-compliance.

2. Liability Shift

A liability shift means that, when a payment is authenticated through 3D Secure, the responsibility for any fraudulent chargeback moves from the merchant to the card issuer (the bank).

3DS enables this shift…

Here’s a guide that’ll teach you more about liability shift and how 3DS can play a role in that.

3. Less Churn

3D Secure can reduce churn by providing customers with a secure and trustworthy shopping experience. Giving them confidence that their payment details are protected.

Although adding steps can create friction, 3DS 2.0 is designed to minimize this by offering a more seamless and user-friendly authentication flow. Oten within the payment page itself.

Studies have shown that 3DS 2.0 reduces cart abandonment by 70% compared to 3DS 1.0 [3]. As it allows for a smoother experience through biometric options and risk-based authentication.

4. Increased Credibility

3D Secure’s added security layer reassures customers that their payments are protected.

This boost in credibility fosters trust, potentially increasing customer loyalty and attracting new customers who value secure payment options.

5. Interchange Benefits

Interchange fees are transaction fees merchants pay to card issuers and banks. Using 3D Secure can sometimes result in lower interchange fees because authenticated transactions are less risky for banks to process.

Some acquirers may reward merchants with favorable rates or extended payment terms, which can help reduce operational costs.

Yeah, yeah. I’m getting to the cons.

Potential Downsides of 3D Secure

Adding 3D Secure often increases transaction time, taking an average of 37 seconds per purchase, with authentication typically lasting 5 seconds or more [4]. This friction results in an estimated 22% of payments being lost due to extended wait times.

The 3DS frictionless flow was reported in only 9% of transactions between February and March 2022. Data collected before most major cards adopted 3DS 2.0 in October 2022.

I’ll explain the differences 3D Secure 2.0 made in a bit.

There’s another factor to consider, though.

Even if someone isn’t living in a country that requires 3D Secure, it could become a nightmare to travelers.

The Points Guy tested 3D Secure with popular credit cards in Greece and Japan. Popular tourist spots.

He had to call his bank with one of the purchases in Greece. And in Japan, he had to create a separate account to create a separate account because the issuing bank didn’t set up required security protocols. But when he attempted to do this, none of his cards worked.

After trying 4 cards, he got it to work, but then he was redirected to another page.

I can’t do this case study justice. You’d need to check it out.

How would you use 3D Secure?

How to Activate 3D Secure for Your Business

To activate 3D Secure, contact your acquirer. They’ll guide you through any required software updates or plugin installations.

Otherwise, implementation requires a lot of complex backend stuff that I couldn’t begin trying to explain.

You’ll need to contact card brands (e.g., Visa and Mastercard) for more information on implementation.

3D Secure 1.0 vs. 3D Secure 2.0

Unlike 3DS 1.0’s static passwords, 3DS 2.0 uses biometric and dynamic authentication for added security. It also integrates seamlessly across devices, reducing checkout friction.

While 3DS1 often interrupts transactions with redirects, 3DS2 minimizes this with in-app verification and risk-based authentication. Allowing up to 95% of transactions to proceed without extra customer input.

This has resulted in a 70% reduction in card abandonment and improved checkout times by 85% [5].

Additionally, with 3DS2, liability for chargebacks often shifts to the card issuer. Protecting merchants from fraud-related losses and enhancing customer satisfaction.

It also supports non-browser payment methods like:

• In-app purchases
• Mobile wallets
• Digital wallets (e.g., Apple Pay)
• Wearable devices

Then there’s liability shift.

Under 3DS 1.0, sellers were always liable for fraudulent chargebacks. With 3DS 2.0 activated, the issuer becomes liable for such chargebacks. Since you did your due diligence to prevent fraud.

And that’s it for this guide.

FAQs

How Do I Know If I Have 3D Secure?

Merchant sites that support 3D Secure will display a logo. Such as Verified by Visa, MasterCard SecureCode, American Express SafeKey, JCB J/Secure, or Discover ProtectBuy

Do All Credit Cards Have 3D Secure?

Not all credit cards use 3D Secure, but most major networks offer it. Visa, Mastercard, and American Express include this security feature by default. While optional in most countries, 3D Secure is mandatory for online transactions in the EU and select nations.

Wrapping Up

3D Secure is a double-edged sword, but has made a lot of improvements with the implementation of 3DS 2.0. It has proven to reduce fraud by a large amount, but can add friction to purchases and potentially increase churn rates.

3D Secure is a double-edged sword. It’s effective in reducing fraud but can add friction to checkout, But it can increase churn.

If 3D Secure doesn’t suit your needs for chargeback prevention, consider chargeback alerts, which can prevent up to 91% of disputes.

We offer access to all major alert providers. Give them a try.

Sources

• [1] Do you need 3D Secure? Chargeback Gurus. 7/28/2021.
• [2] Visa Secure. Visa. Requires information for data.
• [3] 3DS 2.0 vs. 3DS 1.0. Nuvei. 10/24/2022.
• [4] One in five payments are lost through 3D Secure. Ravelin. 
• [5] What is 3DS? Payments Journal. 3/07/2019.