3D Secure

The volume of internet trade is growing at a phenomenal rate; however some criminal elements are taking advantage of this growth to target websites with stolen card details. It is now more vital than ever for merchants to protect their businesses against this increased risk of fraud.

The role of 3D Secure

Internet transactions are classed as 'cardholder not present' (CNP) transactions. Until recently, there was no easy way to identify a cardholder and confirm that it was indeed the legitimate cardholder entering the card details.

A significant proportion of chargebacks can arise as a result of the cardholder denying that they authorised a transaction. It is traditionally very difficult to successfully appeal against this sort of chargeback. The 3D Secure technology is designed to reduce the possibility of fraudulent card use by authenticating the cardholder at the actual time of the transaction and subsequently reducing a merchant's exposure to disputed transactions and chargebacks of this type.

What is 3D Secure?

3D Secure stands for Three Domain Secure - the payment industry's internet authentication standard which has been developed by the major card associations. Visa has called their version of the scheme 'Verified by Visa' and MasterCard have called their equivalent initiative 'MasterCard SecureCode'. These are both collectively referred to as 3D Secure.

3D Secure authentication requires the cardholder to register their card to take advantage of this service. This is a one time process which takes place on the card issuer's website and involves the cardholder answering several security questions to which only the card issuer and cardholder will know the answer. The cardholder selects a password and agrees on a secret phrase, which will be used by the card issuer during each online transaction.

3D Secure can be thought of as an online version of 'Chip and Pin' technology, whereby the cardholder has a personalised password registered with their card that is entered during the checkout process.

How does 3D Secure work with PayFast?

3D Secure does not yet enjoy widespread use amongst online merchants and as such, there is still a lack of understanding about what it is and how it works. This lack of understanding can lead to customers failing to complete transactions due to being asked to enter their online pin for a credit card transaction.

As such, PayFast has gone for a more measured approached with the implementation of 3D Secure where we don't require it for every transaction, but only when the transaction value is over a specified amount (or when there is a high risk of fraud as determined by our security systems).

As a receiver of payments funded by credit cards, you have control over this value and can set it according to your specific business needs.

What are the advantages of 3D Secure?

  • The key attraction to receivers of payments is that once a cardholder registered with the scheme has input their correct 3D Secure password during a transaction and this has been successfully authenticated (and providing that they are acting legally), the liability of a chargeback arising from the cardholder denying that they authorised the transaction, should shift from the receiver to the cardholder's issuing bank.
  • If a customer is not yet registered with the scheme, the fact that the transaction is checked by PayFast for 3D Secure compliance should give similar protection from the customer denying that they processed the transaction (providing the customer's bank is participating in the 3D Secure scheme).
  • Increased card holder confidence, leading to increased sales. Currently, around 50% of cardholders have not participated in an electronic transaction*. A huge potential market to unlock!
  • No additional fees.

* Source: MasterCard website

Are there any limitations of 3D Secure?

Ultimately, the risk of fraud lies with the end receiver the funds, but PayFast feels that it is vital that we provide you with the necessary tools to help you to protect your business and manage and reduce your exposure to fraud, chargebacks and their associated costs.

Chargebacks can still occur even when they have been fully authenticated by 3D Secure. This can include when a customer denies receipt of the goods or is not happy with the goods received.

Common questions answered

Can I opt out of 3D Secure checks?

By setting your "3D Secure Amount" value very high, you will effectively "opt out" of 3D Secure checks. There are however system limits in place which override any user specified limits, so you can never totally opt out of 3D Secure.

Will it add extra time on to the customer checkout experience?

The 3D Secure authentication process is smoothly integrated into the payment process and will usually only add a few seconds to the normal transaction time. A small price to pay for increased protection for both the receiver and the cardholder.