3D secure was developed for merchants to further protect from chargebacks and credit card fraud. 3D secure is an XML based protocol designed to be an additional security layer for online credit and debit card transactions. It uses a 3-domain model to authorize credit cards online. The 3-domains used are the acquirer, issuer and interoperability, messages are sent over SSL/TLS connection between these 3-domains to verify the credit card.
How does 3D Secure work
When the customer has submitted their credit card number for their online purchase, their card number will be sent to the Visa/MasterCard directory in order to verify if the credit card is enrolled in the 3D secure program. If the card is enrolled the customer will be prompted enter their password into a secure iframe, once they have entered their password the transaction will then be processed by the online merchant. If the card is enrolled in 3D secure however, the customer has not yet set up their password, the merchant will still protected against any chargebacks. If the card is not enrolled in the 3D secure program once it has been confirmed, the transaction will be processed as normal without a secure password.
IVR with 3D Secure
While 3D secure is used primarily for online merchants, HostedPCI has implemented a way to use 3D secure through call centres as well. Once the card holder types their card number into the IVR system it will be sent for verification to Visa/Mastercard, if the card is enrolled the CSR will receive an email by Visa/Mastercard asking for the pin verification. At that time the CSR will forward the email to the customer for them to verify the pin, on a secure iframe linked to HostedPCI. Once the pin has been verified the CSR will get a response from the payment gateway either approving or declining the transaction.
Current 3D Secure Integrations
- Cardinal Commerce