What is 3D Secure 2?

What is 3D Secure 2?

3D Secure (often known by its branded names of Visa Secure and Mastercard Identity Check) is a security protocol that protects a buyer's credit card against unauthorised use when shopping online. This simple service enables buyers to validate transactions they make over the internet by requesting a personal code (usually sent to their cell phone or email address as a one time PIN or push notification). It helps protect against fraudulent use by unauthorised individuals. You can find out more about how 3D Secure works here


In 2019 an improved version of 3D Secure, called 3D Secure 2 (also known as 3DS2, EMV 3-D Secure or 3D Secure 2.0), was released as an improved level of authentication that is mobile-first and caters for a better user experience.  PayFast currently supports 3D Secure 2. The most important features of 3D Secure 2 are as follows:


Frictionless authentication


3D Secure 2 uses frictionless authentication that allows card-issuing banks to verify cardholders and approve transactions without requiring manual input from the buyer, which is a faster and more accurate method than the first version of 3D Secure. This is achieved through risk-based authentication (RBA), which involves sending data about the cardholder and the transaction to the issuing bank who then compares it to the cardholder’s historical transactional data to determine fraud risk. If the risk is low then the payment is processed without the need for the cardholder to verify the transaction. If there is any risk, then the cardholder will be challenged to provide additional input to authenticate the payment.


Improved user experience


3D Secure 2 has been designed to use dynamic authentication methods such as biometrics and token-based authentication, facilitating a faster and unobtrusive authentication process. This is ideal for the smartphone environment and mobile banking apps, as it allows cardholders to authenticate their payment through their banking app using facial recognition or a fingerprint, for example. 


With 3D Secure 2 there are no more page redirects, but rather the authentication request appears as a modal on the checkout page, bypassing the need for buyers to be redirected away from the checkout page to complete their payment, which has previously been associated with cart abandonment. 


    • Related Articles

    • What does 3D Secure mean?

      The term 3D Secure comes from Three Domain Security. This is due to the fact that there are 3 "domains" involved in the 3D Secure process: Issuer Domain, Interoperability Domain and Acquirer Domain.     The issuer domain is where the cardholder and ...
    • How does 3D Secure affect international card holders?

      In order to fully answer this question, context about 3D Secure in the world needs to be explained. Worldwide standard 3D Secure is not unique to South Africa and is a system in use throughout the world as per Visa and Mastercard guidelines. Visa and ...
    • What is 3D Secure (Verified by Visa / Mastercard SecureCode)?

      3D Secure is a technical standard created by Visa and Mastercard to further secure CNP (Card-holder Not Present) transactions over the Internet. Mastercard brands their system as 'Mastercard SecureCode' and Visa call theirs 'Verified by Visa'. 3D ...
    • Is PayFast PCI Compliant?

      PayFast is PCI DSS Level 1 Service Provider, which is the highest level possible. What is PCI Compliance? PCI DSS stands for Payment Card Industry Data Security Standard and is a PASA (Payment Association of South Africa) regulation in South Africa. ...
    • How do I obtain a two-factor authentication key to log in with?

      There are two ways to obtain an authentication key. If you are using a smartphone, download the Authy app for your iPhone or Android mobile phone. Every time you log in, you will need to generate a secure token using the Authy app. If you don't have ...