What is 3D Secure 2?

What is 3D Secure 2?

3D Secure (often known by its branded names of Visa Secure and Mastercard Identity Check) is a security protocol that protects a buyer's credit card against unauthorised use when shopping online. This simple service enables buyers to validate transactions they make over the internet by requesting a personal code (usually sent to their cell phone or email address as a one time PIN or push notification). It helps protect against fraudulent use by unauthorised individuals. You can find out more about how 3D Secure works here


In 2019 an improved version of 3D Secure, called 3D Secure 2 (also known as 3DS2, EMV 3-D Secure or 3D Secure 2.0), was released as an improved level of authentication that is mobile-first and caters for a better user experience. 


The most important new features of 3D Secure 2 are as follows:


Frictionless authentication


3D Secure 2 uses frictionless authentication that allows card-issuing banks to verify cardholders and approve transactions without requiring manual input from the buyer, which is a faster and more accurate method than the first version of 3D Secure. This is achieved through risk-based authentication (RBA), which involves sending data about the cardholder and the transaction to the issuing bank who then compares it to the cardholder’s historical transactional data to determine fraud risk. If the risk is low then the payment is processed without the need for the cardholder to verify the transaction. If there is any risk, then the cardholder will be challenged to provide additional input to authenticate the payment.


Improved user experience


3D Secure 2 has been designed to use dynamic authentication methods such as biometrics and token-based authentication, facilitating a faster and unobtrusive authentication process. This is ideal for the smartphone environment and mobile banking apps, as it allows cardholders to authenticate their payment through their banking app using facial recognition or a fingerprint, for example. 


With 3D Secure 2 there are no more page redirects, but rather the authentication request appears as a modal on the checkout page, bypassing the need for buyers to be redirected away from the checkout page to complete their payment, which has previously been associated with cart abandonment. 

PayFast and 3D Secure 2

As of 14 February 2022, PayFast supports 3D Secure 2. We’ll apply 3D Secure 2 when it’s supported by the cardholder’s bank and revert to 3D Secure when the new version isn’t supported yet. 


Please note:
Only Absa acquired transactions are 3D Secure 2 supported, Nedbank to be rolled out shortly.

    • Related Articles

    • What does 3D Secure mean?

      The term 3D Secure comes from Three Domain Security. This is due to the fact that there are 3 "domains" involved in the 3D Secure process: Issuer Domain, Interoperability Domain and Acquirer Domain.     The issuer domain is where the cardholder and ...
    • How does 3D Secure affect international card holders?

      In order to fully answer this question, context about 3D Secure in the world needs to be explained. Worldwide standard 3D Secure is not unique to South Africa and is a system in use throughout the world as per Visa and Mastercard guidelines. Visa and ...
    • What is 3D Secure (Verified by Visa / Mastercard SecureCode)?

      3D Secure is a technical standard created by Visa and Mastercard to further secure CNP (Card-holder Not Present) transactions over the Internet. Mastercard brands their system as 'Mastercard SecureCode' and Visa call theirs 'Verified by Visa'. 3D ...
    • Why am I getting 'The merchant cannot accept these kinds of payments at the moment' as an error?

      This error would occur if tokenization has not been enabled on your PayFast Dashboard.  To enable these types of recurring payments, do the following: Navigate to Settings > Developer Settings. Ensure that a Security Passphrase is set on your ...
    • Is PayFast PCI Compliant?

      Yes, PayFast is PCI DSS Level 1 Service Provider, which is the highest level possible. What is PCI Compliance? PCI DSS stands for Payment Card Industry Data Security Standard and is a PASA (Payment Association of South Africa) regulation in South ...