3D secure
Discover the security protocol that offers an additional layer of verification to prevent fraud in your customers' online transactions.
Introduction
3D secure is a security protocol that seeks to confirm the identity of people conducting online transactions to increase the protection of credit or debit card purchases and prevent fraud.
To perform this validation, your customers will have to enter a security code or a password to verify that they are indeed the cardholders.
Scope
Currently, this solution is available for Mastercard and Visa cards in Argentina, Brazil, Mexico, Colombia, and Peru.
| Country | Mastercard | Visa |
|---|---|---|
| Argentina | ✅ | ✅ |
| Brazil | ✅ | ✅ |
| Mexico | ✅ | ✅ |
| Colombia | ✅ | ✅ |
| Peru | ✅ | ✅ |
| Chile | 🔜 | 🔜 |
Benefits
| 🛡️ Security | Strengthens security in online transactions by verifying the cardholder's identity. |
| ✅ Trust | Provides more security to your customers, as they will know that you will take additional measures to protect their financial data and prevent possible scams. |
| 🫱🏽🫲🏼 Shared responsibility | Shares responsibilities with merchants, which incentivizes them to implement appropriate security measures and protect cardholders from unauthorized transactions. |
| 💪🏼 Reduction of chargebacks | Reduces the number of chargebacks for unauthorized transactions. This will benefit the effort and costs you dedicate to managing fraud issues. |
| ⭐️ 3DS version 2.1.0 | At Pomelo, we support version 2.1.0. It provides increased security, better user experience, adaptive authentication, wide compatibility, and regulatory compliance. |
Liability shift
By implementing 3D secure, cases where the transaction was successfully authenticated will no longer be your responsibility in the event of fraud, meaning you will not have to assume the costs in that dispute. Adopting this technology reduces your exposure to risk and can generate significant savings.
Operation
This protocol works in two ways: with a frictionless flow or with a challenge flow. The choice between one or the other depends mainly on the risk you are willing to take.
You will be able to configure anti-fraud rules that best suit your business and thus build the desired experience for your users.
For example, you can configure business rules so that all transactions follow the challenge flow, but this may affect your users' purchase experience. On the other hand, you can also establish rules in which not all transactions require a challenge, in which case it will be important for you to make the necessary adjustments to balance the experience without taking excessive risks.
In both cases, your role as an issuer will be to verify the cardholder's identity before authorizing an online transaction.
Next, we will explain the components of the protocol so that you understand the different flows:
| Protocol Component | Description |
|---|---|
| Access Control Server (ACS) | This is the component of the protocol that handles the authentication of the cardholder through the authentication rules you defined previously. |
| Risk-Based Authenticator (RBA) | It is a component within the ACS that returns a risk score to the ACS to decide whether the cardholder needs to be authenticated or not. |
| Directory Server (DS) | The 3D secure component that allows communication between the 3D Server and the ACS. Its main function is to validate and direct transactions so that the ACS can authenticate the cardholder during the authorization of a transaction. |
3D Secure Flows
Frequenty asked questions
Who is responsible in the event of fraud with 3D secure?
If you are not enrolled in 3D secure, you will be held responsible for the fraudulent transaction. However, by implementing this protocol, cases where the transaction was successfully authenticated will no longer be your responsibility in the event of fraud, meaning you will not have to assume the costs in that dispute.
How is a transaction authenticated with 3D secure?
Authentication is done by verifying 3 factors: cardholder identification, card information, and additional authentication (password or code).
Can I make online transactions without 3D secure?
Yes. But you will have a higher risk of fraudulent transactions occurring.
How is data security ensured in a transaction with 3D secure?
It is guaranteed through the encryption of sensitive data, authentication of the cardholder's identity, and additional verification of card information. In addition, the systems of this protocol are designed to comply with industry security and privacy standards.
What happens if authentication fails in a transaction?
The transaction will not be completed, and your customer will receive an error message. Depending on the reason for the error, it may be necessary for them to provide additional information or contact their card issuer to resolve the issue.
Which card networks support 3D secure?
Visa and Mastercard are the two main card networks that support 3D secure.