3D Secure (often known by its branded names of Visa Secure and Mastercard Identity Check) is a security protocol that protects a buyer's credit card against unauthorised use when shopping online. This simple service enables buyers to validate transactions they make over the internet by requesting a personal code (usually sent to their cell phone or email address as a one time PIN or push notification). It helps protect against fraudulent use by unauthorised individuals. You can find out more about how 3D Secure works here.
In 2019 an improved version of 3D Secure, called 3D Secure 2 (also known as 3DS2, EMV 3-D Secure or 3D Secure 2.0), was released as an improved level of authentication that is mobile-first and caters for a better user experience. PayFast currently supports 3D Secure 2. The most important features of 3D Secure 2 are as follows:
Frictionless authentication
3D Secure 2 uses frictionless authentication that allows card-issuing banks to verify cardholders and approve transactions without requiring manual input from the buyer, which is a faster and more accurate method than the first version of 3D Secure. This is achieved through risk-based authentication (RBA), which involves sending data about the cardholder and the transaction to the issuing bank who then compares it to the cardholder’s historical transactional data to determine fraud risk. If the risk is low then the payment is processed without the need for the cardholder to verify the transaction. If there is any risk, then the cardholder will be challenged to provide additional input to authenticate the payment.
Improved user experience
3D Secure 2 has been designed to use dynamic authentication methods such as biometrics and token-based authentication, facilitating a faster and unobtrusive authentication process. This is ideal for the smartphone environment and mobile banking apps, as it allows cardholders to authenticate their payment through their banking app using facial recognition or a fingerprint, for example.
With 3D Secure 2 there are no more page redirects, but rather the authentication request appears as a modal on the checkout page, bypassing the need for buyers to be redirected away from the checkout page to complete their payment, which has previously been associated with cart abandonment.