What is it ?
3DSecure is called ” Verified by Visa” for Visa , and ” SecureCode ” with Mastercard .
This system was invented to prevent the type of fraud CNP (Card Present No ) , that is to say the fraudulent credit card payments without actual presence of the card ( stolen card numbers, for example).
The goal is :
reduce fraud for merchants.
secure customer payments .
Why visual cryptogram is not enough
An internet card payments usually requires :
The card number
Expiration date
The visual cryptogram
The visual cryptogram , are the three numbers on the back of your card usually requires that you enter when making a purchase online.
Now this information can be read visually on the map and copied , allowing payment without presence of the card , and thus fraud.
With 3DSecure , additional information will be requested to confirm the payment.
Someone who recopierait information from your card or even that you would fly could not make purchases at merchants using 3DSecure because he does not know this additional information .
3DSecure or not
For a payment 3DSecure either mode, your card must be 3DSecure and the merchant supports 3DSecure. Almost all newly manufactured bank cards are now 3DSecure.
For older, according to the banks, the changeover 3DSecure be automatic or be asked to sign an addendum to your contract. In all cases, it requires no change map or change your existing card. The transition to 3DSecure should normally cost you anything.
Note that with a 3DSecure card, you can very well continue to make purchases not 3DSecure fashion at merchants that do not support 3DSecure. These purchases will not be secured with 3DSecure.
If your card is not 3DSecure, you may or may not make purchases at merchants that are 3DSecure (The 3DSecure traders are free to accept or not to continue to accept payments with non-3DSecure cards)
In practice, you make your purchases on the internet as usual. You always enter your card number , expiry and security code , but after entering this information, you will be redirected to your bank’s website that will ask you additional information.
Once the information provided , you return to the merchant’s site that will confirm the payment.
In this scenario, your bank’s server will confirm to the merchant that you are the owner of the card.
What is authentication ?
For a 3DSecure payment When You Will Be on the website of your bank , the bank information you Will Ask That Supposed to know only you , That You Are The proving of the card owner .
Each bank is free to choose the means clustering of authentication .
Among thesis are:
Classical a password
a key card system ( paper sheet ) That your bank feels you ( naval battle style: Enter the number in column 5 , line 3).
a system for electronic box ( you enter a code displayed by an electronic box)
Date of birth
a code sent by SMS
and many others ..
Note that it is particularly lamentable that some banks are satisfied with your date of birth , as this information is often private and sometimes really easy to find. If your bank is in this case , I invite you to vigorously protest to your bank to adopt a stronger authentication system.
Legally On any normal internet buying (not 3DSecure) at no time is your identity proven (PIN or signature). This means that it is enough to challenge a payment to your bank pays you.
The responsibility is on the side of the merchant’s bank, with which your bank will claim the money.
During a purchase 3DSecure mode, if authentication is successful, there is a transfer of responsibilities to your bank. (Since she claimed that it was you who were actually paying, it can not challenge and must transfer the money to the merchant’s bank.)
And of course, your bank will transfer this responsibility to you: You will not be able to challenge a 3DSecure payment and be reimbursed.
That is why it is important that your bank takes a strong authentication method.
Note that if the authentication is unsuccessful and the merchant’s bank demands the recovery of the sum, your bank is supposed to refuse. If she accepts it anyway, you can challenge this flow and get your money back (since nothing has proved that it is you who have made payment).
3DSecure , good or bad?
In theory , it is :
This reduces fraud in shops
This reduces fraud for users
The growing adoption of 3DSecure among online merchants will make online fraud more difficult.
