3-D Secure (3DS)

Entersekt | Encyclopedia | 3-D Secure (3DS)
What is 3-D Secure?

3-D Secure (3DS) is a security protocol used in online payment transactions to add an additional layer of authentication security, typically involving a one-time password (OTP) or biometric verification. The standard, EMV 3-D Secure, was developed by EMVCo, a global technical body that regulates payment security, and can be implemented via a 3-D Secure Access Control Service (ACS), a Directory Server (DS), or a merchant plug-in, for instance. The aim of 3DS is to prevent card-not-present (CNP) payment fraud and reduce friction in the e-commerce checkout process.

How has 3-D Secure technology evolved?

As payment technology and the associated fraud schemes continually evolve, so does the industry’s 3DS standard to ensure that digital banking payments are secure while also delivering a seamless shopping experience. While the original 3-D Secure 1 operated using outdated SMS OTP tools, newer versions of the protocol collect more data points on transactions and include modern, secure, risk-based authentication measures, in-app approvals, biometrics, and decoupled authentication. Consequently, financial institutions (FIs) can offer more customer personalization, better security, and uninterrupted e-commerce experiences.

The protocol’s latest iteration, EMV 3-D Secure, enables data about the customer's transaction, payment method, and their device to be exchanged between the issuer and merchant, so FIs can quickly spot and prevent fraudulent transactions without hindering legitimate users or driving up cart abandonment rates. In other words, 3-D Secure measures verify that the person making the payment is the actual card owner.


A consumer wants to purchase a new pair of sneakers. They log in to an e-commerce website that sells their favorite sneaker brand. On finding a pair that they like, they begin the checkout process. When it comes to payment, the merchant website activates the 3-D Secure protocol, and the transaction data is shared with the issuer. If the transaction is deemed a higher risk, for a large payment, for instance, the consumer may be directed to their mobile banking app to confirm the transaction. If the risk is assessed as low, the authentication occurs in the background and payment goes through.

Explore further:


3-D Secure (3DS) | EMVCo | Card-not-present (CNP) fraud