Fraud is one of the most persistent threats to businesses that take remote or online payments. Card-not-present (CNP) transactions — whether through e-commerce, phone, or digital channels — are particularly vulnerable. To combat this, the payments industry has introduced tools like 3D Secure and other advanced authentication methods that verify the customer before a payment is authorised.
For merchants, these protections are not just about reducing fraud losses. They also shift liability, improve customer trust, and simplify compliance with regulations like PSD2 and PCI DSS.
3D Secure (Three-Domain Secure) is a security protocol designed by Visa and Mastercard to provide an extra layer of verification for card payments. It links three “domains”:
The merchant and acquiring bank
The card network (Visa, Mastercard, Amex, etc.)
The cardholder’s issuing bank
When a customer makes a payment, their bank may require them to authenticate the transaction through an extra step. This could mean logging into their banking app, entering a code, or using biometrics like a fingerprint or facial scan.
The current standard, 3D Secure 2 (3DS2), was developed to be mobile-friendly, quick, and low-friction — a huge improvement on the clunky 3DS1 experience many customers disliked.
Payment begins – The customer enters their card details or clicks a secure pay-by-link.
Risk assessment – The issuing bank evaluates the transaction. If the risk is low (e.g. small value, familiar device), it may pass without extra steps.
Challenge requested – If flagged as higher risk, the customer is asked to verify using an authentication method (bank app, code, or biometrics).
Verification complete – Once approved, the transaction is authorised and liability shifts from the merchant to the issuer.
This process ensures that even if stolen card data is used, the fraudster is very unlikely to pass the bank’s checks.
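How a merchant backend might act on the outcome of the flow above, as an added example (not SOTpay's code or part of the original article). The `transStatus` codes and the `authenticationValue` field come from the EMV 3-D Secure 2 specification rather than this page; the `review` decision and the liability-shift column are simplified assumptions, and card scheme and acquirer rules decide the real outcome.

```python
from dataclasses import dataclass

# transStatus codes as defined in the EMV 3-D Secure 2 specification.
# The decision and liability-shift columns are simplified assumptions for this
# example; card scheme and acquirer rules are authoritative.
STATUS_POLICY = {
    "Y": ("authorise", True),    # authenticated (frictionless or after a challenge)
    "A": ("authorise", True),    # attempt processed, proof of attempt supplied
    "C": ("challenge", False),   # issuer requires a challenge: not a final result
    "D": ("challenge", False),   # decoupled challenge pending: not a final result
    "U": ("review", False),      # authentication could not be performed
    "I": ("review", False),      # informational only, no authentication took place
    "N": ("decline", False),     # not authenticated
    "R": ("decline", False),     # issuer rejected: do not attempt authorisation
}

@dataclass(frozen=True)
class Outcome:
    decision: str          # authorise | challenge | review | decline
    liability_shift: bool  # whether a shift to the issuer is expected
    reason: str

def evaluate_3ds_result(result: dict) -> Outcome:
    """Map a 3DS2 authentication result to a merchant-side decision, failing closed."""
    status = result.get("transStatus")
    if not isinstance(status, str) or status not in STATUS_POLICY:
        return Outcome("decline", False, f"unknown transStatus {status!r}")
    decision, shift = STATUS_POLICY[status]
    # Y and A should carry the issuer's cryptogram; without it the claim of
    # authentication cannot be passed on in the authorisation request.
    if shift and not result.get("authenticationValue"):
        return Outcome("review", False, "missing authenticationValue")
    return Outcome(decision, shift, f"transStatus {status}")

# Constructed sample results (not real transaction data).
SAMPLES = [
    {"transStatus": "Y", "authenticationValue": "CONSTRUCTED-CRYPTOGRAM"},
    {"transStatus": "C"},
    {"transStatus": "Y"},
    {"transStatus": "R"},
    {},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.get("transStatus"), evaluate_3ds_result(sample))
```

Here `review` stands for handing the payment to the merchant's own risk policy, since proceeding without authentication leaves fraud liability with the merchant.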
3D Secure is the most visible standard, but banks and wallets use a range of tools to satisfy Strong Customer Authentication (SCA) requirements under PSD2. These demand two or more factors: something the customer knows, something they have, or something they are.
Banking App Approvals
Many banks now push an approval request to the customer’s mobile app. With a single tap, the payment is confirmed securely.
One-Time Passwords (OTPs)
Some banks still rely on SMS or email codes. They’re easy to use but less secure than app-based authentication, so many issuers are phasing them out.
Biometrics
Fingerprints, Face ID, and even voice recognition are increasingly common, particularly for mobile wallets like Google Pay and Apple Pay. Biometric data adds a strong layer of identity verification with minimal friction.
Device & Behavioural Analytics
Some transactions are authenticated invisibly. Banks use device fingerprinting and behavioural analytics — like typing speed, location, and spending habits — to assess risk behind the scenes, allowing low-risk payments through without interrupting the customer.
Together, these methods mean that businesses can offer secure transactions without adding unnecessary barriers that frustrate customers.
Liability Shift
When a payment is authenticated through 3D Secure, liability for fraud moves from the merchant to the card issuer. That means if a transaction later turns out to be fraudulent, the cost isn’t yours.
Fraud Reduction
In 2023, card-not-present fraud cost UK businesses over £330 million. By requiring strong authentication, these losses can be dramatically reduced.
Regulatory Compliance
Strong Customer Authentication (SCA) is mandatory in the UK and EU for online card payments. Using 3D Secure is the simplest way to comply without overhauling your systems.
Customer Confidence
Today’s consumers are hyper-aware of fraud. Seeing extra authentication steps — or knowing that a merchant supports them — reassures buyers their data is safe. That reassurance can translate into fewer abandoned carts and higher conversion rates.
Future-Proofing
Authentication technology continues to evolve. 3DS2 already supports biometrics and frictionless flows, making it adaptable to new innovations while staying compliant. Merchants that adopt these systems now are prepared for the long term.
While 3D Secure is most often associated with online checkouts, businesses also need to secure payments across phone, email, SMS, WhatsApp, live chat, and social media. That’s where SOTpay steps in.
Omnichannel protection – Every channel is secured with authentication built in.
Agent-assisted or self-service – Customers can pay through guided calls or by completing a secure link on their own device.
Reduced PCI scope – SOTpay keeps card details out of your environment, shrinking compliance requirements.
Fraud liability shift – Transactions use 3D Secure where applicable, moving responsibility to issuers.
Chargeback protection – Merchants using SOTpay regularly report near-zero fraud-related chargebacks.
By embedding authentication into every transaction type, SOTpay makes sure your business is always protected.
Fraudsters are constantly looking for weaknesses in payment systems. For merchants, 3D Secure and other modern authentication methods provide the shield needed to stay ahead — reducing fraud, preventing chargebacks, and building customer trust.
With SOTpay, you can extend that same level of protection across every channel you use to take payments. That means stronger compliance, safer transactions, and a more secure experience for your customers.
Book a demo today to see how SOTpay combines 3D Secure, modern authentication, and omnichannel security to protect your business.