Looking for the v10 manual? Visit our new user's guide!
Search Descriptions Version
This article applies to: ML8

3D Secure

What is 3D Secure?

3D Secure stands for Three Domain Secure which is an XML-based protocl that is used as an added layer of security for online credit and debit card transactions. This has been developed by major card companies. Visa calls their version 'Verified by Visa' while MasterCard call theirs 'MasterCard SecureCode'. Both are referred to as 3D Secure.

Basically, internet transactions are classed as 'cardholder not present' (CNP) transactions, which makes it hard to identify and confirm that the legitimate cardholder is the one entering the card details. 3D Secure technology was developed to reduce the frequency of fraudulent card use by authenticating the cardholder at the time of the transaction. In turn, this will reduce the incidence of disputed transactions and chargebacks.

How it works

The protocol aims to integrate the financial authorization process with the online gateway authentication. This is based on a three domain model made up of the Acquirer Domain (the merchant and the bank to which money is being paid), the Issuer Domain (the bank which issued the card being used) and finally the Interoperability Domain (the infrastructure provided by the credit card scheme to support the 3D Secure protocol). It uses XML messages sent over SSL connections with client authentication.

A transaction using 3D Secure will be redirected to the website of the card issuing bank, where the cardholder will go through an authentication method. The authentication method is not covered by the protocol, but it is usually a password-based method. The main difference between Visa and MasterCard implementation is the method to generate the AAV (Accountholder Authentication Value). For MasterCard, they use UCAF (Universal Cardholder Authentication Field). Visa uses CAVV (Cardholder Authentication Verification Value).

How to configure

To configure 3D Secure go to the AppConfig page and search for 3dSecure.CreditCardTypeIDs, then enter the Credit Card Type IDs you want to use 3D secure on.

The following gateways support 3D Secure Natively:

- CardiaServices
- Moneris eSELECT Plus
- Cybersource
- Protx

The following gateways use Cardinal Commerce to obtain CAVV and ECI:

- Authorize.net
- eProcessingNetwork
- QuickCommerce
- NetBilling
- PayFlow Pro
- Paymentech
- SecureNet