3D Secure
3D Secure is a security protocol for online card payments where the cardholder performs an extra authentication step (SMS, biometrics, app) to prevent fraud.
3D Secure (developed by Visa, now 3DS 2.2/2.3) is the technical implementation of PSD2's Strong Customer Authentication requirement. A payment is routed via the issuer's ACS (Access Control Server) for risk assessment: low risk leads to silent approval, elevated risk to a challenge (SMS, biometrics or app notification). A correct implementation shifts chargeback liability from merchant to issuer, giving financial protection as well as fraud reduction.
Example
On a 200-euro order the issuer sends a push notification to the customer's bank app: 'Confirm payment of 200 euro to Webshop X.' The customer taps to confirm and the transaction goes through. In the frictionless (low-risk) flow there is no prompt.
Frequently asked questions
Mandatory for all transactions?
In the EU: yes, for most consumer payments above low limits under PSD2 SCA. Exceptions: MIT (merchant-initiated transactions), recurring payments, B2B, low risk, whitelisting.
3DS1 or 3DS2?
3DS1 (1999) is end-of-life and high-friction. 3DS2 (2016+) is the modern standard with risk-based authentication and better UX. For new setups, always use 3DS2.