Three questions for 3D Secure, or How the protocol will be changed in the future

Global cybercrime is growing. Cybersecurity Ventures predicts that online fraud damage will reach $8 trillion in 2023 and increase to $10.5 trillion by 2025. Experts believe that ordinary citizens who use bank cards may make up a significant share of the victims.

3D Secure helps protect users from fraudsters when making online payments. But how effective is the technology today? And what can replace it? The answers can be found in this article.

3DS payments – what is it now?

3D Secure (3DS) is an online transaction processing protocol that was originally created by Visa Corporation and named Verified by Visa (VbV). Later, with minor amendments, the technology was adopted by Mastercard and JCB International. There it is called Mastercard SecureCode (MCC) and J/Secure, respectively.

3D Secure is an additional level of data protection for online payments. Other details also help to minimize risk: the bank card PIN, the cardholder's first and last name, and the CVV code on the back of the card. The task of 3D Secure is to verify the client when a payment is made on the Internet. This is done with a dynamic code that the buyer receives in an SMS.

3D Secure supports the security of payment for goods and services using bank cards on the Internet, and 3DS payments are transactions that are protected using this protocol.

The name of the technology is short for "three domains". Three parties participate in 3DS acquiring:
  • the store that receives money from the buyer or customer. Payment details are entered on this side,
  • the bank that debits money for the product or service from the client's card,
  • a payment system that provides the technical side of the transaction.

How it works: the user enters their bank card details for online payment. At the same time, the planned purchase price is debited from the user's account. It is temporarily frozen on the payment system domain and remains there until the user enters the correct data from the SMS. If they don't do this, the money is returned to the card. The store won't even see the money that the customer planned to send, nor the supporting information, which is stored on the bank's server.

Is the protocol relevant today?

All data protection technologies have advantages and disadvantages. And 3DS is no exception.

The advantages of the protocol usually include the following facts:
  • 3D Secure guarantees increased control and security: if a user loses a bank card, then another person will not be able to buy something with it;
  • the verification code is generated anew each time – the buyer does not need to remember the same combination in order to purchase goods in the store at different times;
  • authentication takes place automatically – without the participation of the bank card holder;
  • the system works for free, which is not true for most data protection tools in the retail and banking sector;
  • the technology helps online stores in the fight against fraud – it proves that the buyer paid for the purchases himself and confirmed his consent by entering the password from the SMS.

At the same time, 3D Secure is not a mandatory technology. And despite the obvious advantages, some banks and online stores ignore it for the sake of making purchases faster – users perform fewer actions without the protocol. Others point to the questionable effectiveness of data protection. There are cases when cybercriminals managed to break through the payment protection with 3D Secure.

Valery Stepanov
Head of the Competence Center for Information Security T1 Integration

If we talk about the actions of intruders, it is usually the theft of one-time codes using social engineering or malware. There are also cases where criminals use simulations of the 3D Secure page to intercept the code received in SMS messages.

In addition to information security risks, the protocol's disadvantages also include inconveniences with code requests. If the user's phone is unavailable, for example because the battery is dead or it is offline, the user won't be able to make an online purchase.

What does the future hold for the technology?

Today, 3D Secure technology, or 3DS1, is no longer considered the most effective. European countries are gradually abandoning it in favor of the new 3DS2 protocol, experts say.

Konstantin Korsakov
Chief Architect of the IT company RooX

The main problem with 3DS1 is that the method protects bank card data, but not the users of payment services themselves. When using the technology, there are high risks associated with the human factor. For example, fraudsters can physically steal a victim's smartphone or card, trick the victim into giving up a security code, intercept one-time codes sent via 2FA or SMS, etc. In addition, when trying to make a payment, the user needs to go through several extra steps in new windows, which is also not pleasant for customers.

According to Konstantin Korsakov, 3DS2 is more interesting for the market for several reasons. One is UX: the service is convenient to use on different platforms and form factors. The new version can also work adaptively depending on the risk of a transaction (from frictionless to MFA) and can handle more than just payment operations.

Konstantin Korsakov
Chief Architect of the IT company RooX

In my opinion, Russian payment services have already begun to consider switching from 3D Secure to more modern technologies. Similar developments are carried out by the Fintech Association and the Bank of Russia. Most likely, the new protocol will be based on SBP technologies.

In the near future, another updated version of 3D Secure may appear on the market. In any case, analysts are already studying it as a future alternative to the current protocol.

Valery Stepanov
Head of the Competence Center for Information Security T1 Integration

There is an economic study that suggests adding a fourth security domain: merchant control. The technology is accordingly named 4D Secure. The additional domain aggregates data about the merchant across all transactions made: transaction and delivery results, customer complaints, and so on. It also provides an indicative assessment of the reliability of the merchant's trading activities.

Then, according to the expert, the matrix with indicators is transmitted to the bank. It either cancels the transaction or performs an additional confirmation. This is necessary to protect the customer from unreliable online sellers. For example, a store or marketplace may have worked without problems for several years, accepting payments under the 3D Secure standard, and then suddenly stopped sending goods.

Conclusions

Despite the criticism, 3DS payments are still one of the most secure payment methods on the Internet. The popularity of the technology is proof of this.

However, the global volume of online fraud has not decreased in recent years. The current 3D Secure protocol may lose its effectiveness – if not now, then in a couple of years for sure. That is why banks and retailers should prepare for the protocol update today, experts say. Moreover, it cannot be ruled out that 3D Secure will be updated next year — earlier than many expect.
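The hold-and-confirm flow described under "How it works", as an added example that is not part of the original article: a simplified issuer-side model in which the held amount is captured only on a correct SMS code and released otherwise. The class name, state names, validity window and attempt limit are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

CODE_TTL = 300      # assumed validity window for a code, in seconds
MAX_ATTEMPTS = 3    # assumed limit on wrong entries before the hold is dropped


class Challenge:
    """One held payment waiting for SMS-code confirmation (simplified model)."""

    def __init__(self, amount, now=None):
        self.amount = amount
        self.state = "HELD"            # funds frozen; the store has not seen them
        self.issued = time.time() if now is None else now
        self.attempts = 0
        # A fresh 6-digit code per transaction, from a CSPRNG.
        self.sms_text = f"{secrets.randbelow(10**6):06d}"

    def confirm(self, entered, now=None):
        """Return the state after one confirmation attempt."""
        now = time.time() if now is None else now
        if self.state != "HELD":       # single use: a finished challenge never reopens
            return self.state
        if now - self.issued > CODE_TTL:
            self.state = "RELEASED"    # expired: money goes back to the card
            return self.state
        # Constant-time comparison so response timing does not leak digits.
        if hmac.compare_digest(entered.encode(), self.sms_text.encode()):
            self.state = "CAPTURED"    # only now does the store get paid
            return self.state
        self.attempts += 1
        if self.attempts >= MAX_ATTEMPTS:
            self.state = "RELEASED"    # guessing is cut off and the hold is dropped
        return self.state
```

The attempt limit and the expiry bound what a guessed or late code can do; they do not help when the cardholder is tricked into handing over a valid code within the window, which is the weakness the experts quoted above describe.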
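The merchant-control idea described above as 4D Secure, sketched as an added example that is not taken from the article or from the study it mentions: a merchant's delivery results and complaints are turned into an indicative score, and the bank approves, asks for additional confirmation, or cancels. The field names, the 30-day window and both thresholds are assumptions; the history is constructed to match the article's case of a long-trusted store that suddenly stops shipping.

```python
from dataclasses import dataclass


@dataclass
class Order:
    day: int          # days since the merchant's first transaction
    delivered: bool   # delivery result
    complaint: bool   # customer complaint filed


def reliability(orders):
    """Share of orders delivered without a complaint (0..1), or None if no data."""
    if not orders:
        return None
    good = sum(1 for o in orders if o.delivered and not o.complaint)
    return good / len(orders)


def assess(orders, today, window=30, confirm_below=0.9, cancel_below=0.5):
    """Bank-side decision from the merchant indicators (assumed thresholds)."""
    seen = [o for o in orders if o.day <= today]
    lifetime = reliability(seen)
    recent = reliability([o for o in seen if today - o.day <= window])
    # Prefer the recent window: a lifetime average hides a sudden change.
    score = recent if recent is not None else lifetime
    if score is None or cancel_below <= score < confirm_below:
        decision = "additional_confirmation"   # unknown or degraded merchant
    elif score < cancel_below:
        decision = "cancel"
    else:
        decision = "approve"
    return {"lifetime": lifetime, "recent": recent, "decision": decision}


# Constructed history: about three years of clean trading, then shipments stop.
HISTORY = [Order(d, True, False) for d in range(0, 1080, 2)]
HISTORY += [Order(d, False, d % 2 == 0) for d in range(1080, 1100)]
```

With this history, `assess(HISTORY, today=1100)` still reports a lifetime score above 0.96 while the recent score has dropped to 0.2, so a decision based on the lifetime figure alone would keep approving payments.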
 