What is 3D Secure and How Does It Work?

Please note that this article is intended for educational purposes only and should not be deemed to be or used as legal, employment, or health & safety advice. For guidance or advice specific to your business, consult with a qualified professional.

Buying and selling over the Internet is an important avenue for most businesses. Yet online payments come with their own concerns around security and personal data. 3D secure is an additional authentication check that helps with card security online. This article will help you to understand how 3D Secure works and how it could benefit your small business.

What is 3D Secure?

3D Secure is a multi-factor authentication mechanism developed by several card issuers. It’s used online where Strong Customer Authentication (SCA) is required. SCA is not a requirement everywhere, but 3DS ensures the same buyer experience across all countries – regardless of whether the transaction is taking place in a country that requires SCA or not.

During online transactions, after your buyer completes their card details and postal code, Strong Customer Authentication demands that they also provide extra authentication details. 3D Secure authenticates the customer via a two-factor process, usually with an additional password or SMS code.

What is Payments Services Directive 2?

The Second Payments Services Directive (PDS2) is European legislation for online payments which came into force January 2016 and was made law in 2018. It may sound complicated, but in effect, the legislation aims to boost customer protection and financial security online.

PDS2 is an influential step towards a Digital Single Market Europe and makes sure that Payment Service Providers (PSP) in the EU are supervised and complying with regulations.

A key development is that customers are able to use Payment Initiation Providers to access their payment account online to pay, streamlining the payment process.

Why is 3D Secure important?

Having financial security is important to both buyers and sellers. Not only can 3D Secure help your customers feel confident making purchases online, but there are heaps of benefits for your small business too.

Advantages for Sellers:

Less risk of loss – the extra authentication makes it harder for the bad guys to make fraudulent payments, so there is less loss of payment for your business.

Higher customer confidence – increased customer confidence in your security will mean a customer is more likely to purchase your products. A win-win for your small business!

Merchant Satisfaction – reap the rewards of reduced disputed transactions and increased sales.

Safer International Transfer – it’s safer to accept international payments with 3D Secure.

Advantages for Customers:

More protection – enhanced authorisation reduces the risk of corrupt activity, improving customer confidence to purchase online.

Improved user experience – 3DS protocol helps with customer satisfaction and streamlines the purchasing process.

Security – 3D Secure uses Secure Sockets Layer (SSL) encryption to ensure the online transaction is safe.

How does 3D secure work?

The European regulation, Strong Customer Authentication (SCA), helps to make electronic payments more secure in both the UK and Europe. SCA verifies payment makers and reduces the risk of fraud.

Your customers will be asked to complete additional authentication before finalising the payment for your product or service. 3D-Secure 2 implements either a challenge flow, where more information is requested, or a frictionless flow where your customers can complete their checkout immediately. Square has been implementing SCA compliant flow with the updated 3DS2 since January 2021.

As mentioned earlier, 3DS implements SCA requirements. It authenticates customers by requesting information based on something they know, something they own, or something they are. This could include a:

  • Pin or password
  • Secret fact
  • Memorable word
  • Confirmation from a mobile banking app
  • Fingerprint
  • DNA signature

If your customer cannot provide this additional information and complete the authentication when prompted, the payment will be declined by the cardholder’s bank.

How is Square 3D Secure compliant?

If your small business already uses Square products, lucky you! You don’t need to make any changes. Square products have already been refreshed to meet SCA legislation. Online transactions through Square will implement 3D Secure, unless it is seller initiated and SCA is not required. Person payment technologies such as Square Point of Sale API or Square Reader SDK, do not require any further updates. Partners that use Square developer products must check that they’re SCA compliant.

For sellers outside of the areas in which SCA is a legal requirement, you can use Risk Manager to opt in to use 3DS.
Using 3D Secure reduces the chance of online fraud. Not only does Square help sellers prepare for SCA, but it also uses other low-friction methods of authentication including facial recognition.

Square cares about the security of your business and invests in industry-leading security to help your company manage online payments.

How does Square help to take safe online payments?

Square is committed to protecting your business with Square Secure. When customers go to buy your product through your Square Online site with a Square Checkout Link, or if they pay a Square Invoice, they will be asked to complete another security step (3D-Secure 2) before completing their transaction. As mentioned above, if your small business is already using Square, don’t worry – you don’t need to make any changes.

How else can you boost security?

Your customer’s security should always be a top priority. There are various services and methods that you could use to compliment your businesses security system. Some of the most effective security measures include:

Implement TokenisationTokenisation provides another level of security to online card payments. It protects sensitive data, like your customers card number, with a token of algorithmically generated numbers. This random combination of numbers makes it difficult for fraud to occur.

Ensure your company is PCI CompliantPayment Card Industry Data Security Standard (PCI DSS) is a set of requirements for businesses to make sure you can safely and securely accept, process, and transmit customer data.

Consider a Payment Gateway – a Payment Gateway is a service that securely processes online payments through your website, or card reader if the transaction takes place in store. It allows you to accept payments by connecting payment processors to your merchant account.

With Square, you don’t need to pay for a Payment Gateway to keep the fraudsters out. Our services process payments end-to-end, making PCI compliance super easy for you. With Square hardware, your customers data is encrypted and secure.

Thanks to new security technology and innovation, it’s never been easier to protect your customers data. At Square, we make it simple. Feel confident that you and your customers are secure online as Square helps you to accept every payment safely.