Snippet: In many ways, the evolution of the card networks’ 3-D Secure protocol is a reflection of how the world of e-commerce has changed. As with any process of change, growing pains are inevitable; in the case of 3-D Secure, they’ve been there right from the start.

In many ways, the evolution of the card networks’ 3-D Secure protocol is a reflection of how the world of e-commerce has changed. As with any process of change, growing pains are inevitable; in the case of 3-D Secure, they’ve been there right from the start. Looking back over the development of the protocol invites us to reflect, not only on the improvements it promises but also on the challenges that the industry has faced along the way.

Stepping up e-commerce security measures

The first online shopping transaction took place in 1994. The following year, Amazon launched as an online bookstore, forever changing the e-commerce landscape. Fraudsters were quick to capitalize on the opportunities presented by this rapidly-growing sector, luring consumers to fake websites and harvesting credit card details. The move from magnetic stripe to EMV made card fraud at the point of purchase much harder, serving as another motivation for fraudsters already shifting their attention to the world of card-not-present commerce.

The industry began to recognize the need for stepping up security measures for online shopping. Visa initiated the development of a protocol that would add a security layer for online card transactions, partnering with Arcot Systems to develop a solution. In 2001, Verified by Visa, the first application of the 3-D Secure protocol, was introduced. Mastercard followed with SecureCode in 2002, while JCB and American Express later launched J/Secure and American Express SafeKey respectively.

Good intentions: to protect consumers

Protecting against card-not-present fraud was 3-D Secure’s raison d’etre but online shoppers were often too frustrated by the protocol to feel gratitude at its introduction. They found its activation and authentication processes – both their timing and design – especially irksome.

When it comes to online security, consumers are frequently warned to ensure that they only visit TLS-secured websites, especially when they are expected to enter personal information. But the pop-up screens or windows of 3-D Secure show no address bar, making it very hard for consumers to tell where the pop-up window comes from or whether they are (still) using a secure site.

Another piece of advice consumers often hear is to be wary of sites that ask for passwords. In allowing activation during shopping, some issuing banks would ask consumers to choose a 3-D Secure password the first time they shopped online, and then to enter the password when prompted to do so. Apart from the risk of consumers entering sensitive information into a phishing site, these less-than-perfect security measures also encourage unsafe online behaviour. Consumers grow accustomed to entering sensitive information into a website or pop-up screen that they cannot be sure actually is their bank’s 3-D Secure implementation, in essence ignoring online security best practices.

Strong payments security meets great UX

A new 3-D Secure protocol, 3-D Secure 2.0, was designed to address these security issues while going a long way towards solving a closely related problem with most existing implementations: a high degree of user friction.

Friction during the checkout process is one of the main factors contributing to shopping cart abandonment. It’s a huge concern for all stakeholders. Research indicates that 18% of shoppers abandon their carts due to friction in the checkout process.

Consumer Report:  App-based banking and payments DOWNLOAD OUR REPORT HERE

The initial 3-D Secure protocol had a number of factors that contributed to shoppers abandoning their carts. For consumers unfamiliar with the 3-D Secure process, pop-up screens demanding sensitive information and passwords could easily be mistaken for a security threat, in which case the safest option would be to quit. The requirement to input a static or one-time password – often forgotten in the case of the former, involving a clumsy juggling of devices in the case of the latter – sounded a distinctly false note at a sensitive point in the payment process. Add to that operational issues such as slow loading speeds for authentication pages, timeouts, device incompatibilities, and delayed one-time passwords, and it’s no wonder that 3-D Secure became almost synonymous with friction.

3-D Secure reimagined with RBA

The 3-D Secure protocol was reimagined to keep up with changes in the digital commerce landscape, including that all-important factor: evolving consumer behavior. Given that the value of payments made on mobile devices is expected to reach US $4.6 trillion by 2025, optimizing 3-D Secure for mobile devices was arguably the most crucial new requirement.

EMV 3-D Secure, as 3-D Secure 2.0 became known, boasts a number of improvements over the original protocol. The biggest improvements stem, to a large extent, from the standard’s greater reliance on risk-based authentication (RBA). Using contextual data, the risk of each transaction is determined, and the cardholder is only required to verify their identity when it is deemed high-risk. Termed “frictionless flow”, this approach promises to enhance the customer experience by allowing over 90% of transactions to be processed without user involvement.

EMV 3-D Secure also adds a mobile software development kit component, making it easy for merchants to integrate 3-D Secure into their mobile apps. Users of mobile apps can now authenticate their purchases in-app, rather than in browser-based pop-up windows.

Together, these changes to the user experience promise of a significant decline in cart abandonment which is bound to drive adoption even in regions where the payments networks have not mandated the introduction of the protocol.

AI: The next UX frontier

In today’s financial services industry, survival of the fittest comes down to offering an engaging customer experience designed from the ground up for a digital world, while offering state-of-the-art security. At Entersekt, this has been our vision from the outset. We’ve seen our technology help wipe out fraud for our clients, while providing their users with the control to seamlessly authenticate sensitive transactions. We’ve helped our clients innovate in a competitive payments market, allowing them to make their customers’ financial lives easier and safer.

Entersekt’s 3-D Secure solution marks yet another milestone in the evolution of the 3-D Secure protocol: it leverages artificial intelligence to determine the risk associated with each transaction. That way, financial institutions know when to trigger additional authentication steps, helping boost transaction success rates.

Click here to read more on 3-D Secure and the benefits offered by a state-of-the-art solution that provides a unified user experience across both versions of 3-D Secure.

Subscribe to our blog.

3-D Secure

Lelanie de Roubaix


Research and communications are not only two of Lelanie’s areas of expertise, but passions as well. She heads up Entersekt’s marketing communications team and is the company’s go-to person for industry and market research. A perpetual learner, Lelanie’s thirst for knowledge and sense of curiosity matches her perfectly to the dynamic fintech industry.

Entersekt Logo

Entersekt is an innovator of customer-centric fintech solutions. Financial services providers and other enterprises rely on our patented mobile identity system to provide both security and the best in convenient new digital experiences to their customers, irrespective of the service channel. With us, they can concentrate on their innovation roadmap, while delivering intuitive, low-friction digital experiences to their customers.