facebook noscript

3D Secure Simplified with VGS

August 21, 2019

3D Secure (3DS) is a set of security standards in place to reduce fraud and add online payment security, while also creating a liability shift in terms of fraudulent activity and chargebacks.

Chances are if you’ve ever paid for a purchase online with your credit card, you’ve probably already seen 3DS in action. According to a recent study, 76% of merchants are using 3DS and 82% of users have reported a decrease in credit card fraud. This secure authentication process is meant to further protect cardholder data.

What is 3D secure and how does it work?

While 3DS has been around since 2001, its most recent form dates back to 2019. A part of the Revised Payment Services Directive (PSD2) regulation in the European Union that came into effect in 2019, 3DS is meant to help bolster strong customer authentication (SCA) and protect cardholder data.

Payment service providers must use SCA if the cardholder accesses their payment account online, if they initiate a payment transaction, or if they attempt any action that suggests fraud.

Technically, SCA is defined as a procedure that uses two or more independent methods of secure authentication and verification. These methods come from the following categories:

  • Knowledge - something the user knows
  • Possession - something the user owns
  • Inherence - something the user is

Take this example: With 3DS, a form of two-factor authentication (2FA) is required to initiate a transaction. One example is the use of credit card information for online payment, followed by an additional authentication step that may include providing the password to your card issuing bank.

3D Secure 2 (3DS2) is intended to create a smoother experience for the customer by allowing the issuing bank to easily receive additional inputs in order to verify the cardholder’s identity.

Those who have seen or used the Verified by Visa service, Mastercard’s SecureCode, J/Secure from JCB International, or American Express SafeKey, would already be familiar with the implementation of 3DS.

Why do you need 3DS?

3DS provides a number of benefits. For one, the extra level of secure authentication can increase a customer’s confidence in your company, especially when making larger purposes. Additionally, accepting a biometric scan as opposed to requiring the customer to input their password to another site, or presenting the user with an embedded frame instead of a complete page redirect, can create a less disruptive purchasing experience.

From a business perspective, 3DS creates a liability shift. With 3DS and its security measures in place, the cardholder’s issuing bank could be responsible for chargebacks and fraudulent activity instead of your company.

For those in the European Economic Union (EEU), the standards set by 3DS2 can be used to satisfy strong customer authentication (SCA), a set of 2FA requirements coming into effect in September 2019 as part of the latest implementation of the Payment Services Directive (PSD).

How can you use 3DS with the VGS platform?

You can use VGS Collect.js to securely collect your credit card data and integrate with any payment processor supporting 3DS flow.

Here is an example application of a demo SCA-ready integration: VGS Collect.js with Stripe’s 3DS payment flow. You can easily try it out and run it by yourself.

Read more in our docs.

Contact us to integrate VGS and 3DS with whichever processor you use.

Don't miss the next Developer Office Hours with our CTO

Join Us
Irina- ziakhor Irina Ziakhor


You Might also be interested in...


How to Secure Your Cardholder Data Environment (CDE) and Gain PCI DSS Compliance with VGS

Stefan Slattery August 27, 2019

Brexit and GDPR

How Will Brexit Affect GDPR Compliance?

Channin Gladden August 7, 2019

VGS Compliance Graphs

Very Good Security Selected as a Launch Partner for Expansion of Visa’s Fast Track Program to the U.S.

Stefan Slattery July 31, 2019