The case for 3DSecure

3DSecure allows a card holder to authenticate himself while making an online payment. It allows 3 domains to work elegantly together.

Domain 1: The card holder has the piece of mind that his card is not used without his authorization.

Domain 2: Merchants are protected from fraud and can provide the product and service without delay or extra costs.

Domain 3: Banks see that the transaction has been authenticated and are more likely to approve the transaction, to the convinience of the card holder.


In a traditional credit card transaction, a payment request is presented to the issuing bank for authorization. The Issuing bank authorizes the transaction based solely on the funds available to the card holder.

With card present, the magnetic strip on the card can be read and a signature collected. This process has now been largely superceded by Chip and PIN which gives the card holder the opportunity to identify himself via a secret PIN code.

An Ecommerce transaction is conducted online, without the possibility to access the card physically. Un-authorized usage and fraud are therefore more likely.

This is bad for the card holder who risks having his card number stolen and his funds blocked. It is bad for the merchant who has to carry the ultimate responsibility of theft. It is bad for the banks who have to expand considerable resources handling the litigation between card holder and merchant, a process known as chargeback.

The risk has been partially mitigiated with the addition of an extra 3 digit security number refered to as CVV/CVC; this number was introduced because a decade ago it was common to print the card number on every purchase receipt and this security number can never be printed or stored and has become mandatory for ecommerce.

3DSecure allows transactions to be conducted in safety online, greatly reducing the risk of fraud and chargebacks.

Verified by Visa:
The implementation of 3D Secure by Visa is called Verified by Visa.

Mastercard Secure Code: The implementation of 3D Secure by MasterCard is called Secure Code.

The Standard payment process can be summarized as follows:

Step 1: Patron complete the ticketing transcation below and enters the appropriate payment details (including credit card number) and
            clicks on a 'Submit' button.

Step 2: The bank's web server invokes an inline 3-D Secure enrollment window on your web browser.

A pop-up message will appear on screen asking you to enter the OTP. The OTP will be sent to your phone via SMS. Some banks may provide the alternative options of using a hardware token or a mobile phone application that can generate an OTP. If you are already an Internet banking customer, you should already have your mobile phone number registered with the bank. If you are not an Internet banking customer, you will be required to register your mobile phone number with your bank.

As your mobile phone number will be the primary contact for your bank to send you an OTP or SMS alert, you will need to ensure your new mobile phone number is updated with your bank.The OTP helps to protect against online fraud. It is a secure way to authenticate that the customer making the online purchase is the rightful owner of the credit card being used.

Step 3: Enter your OTP correctly for your card issuer to confirm your identity and process your payment.

Step 4: You will be redirected back to the website once your transaction has been completed.