What is 3-DS? The Challenges and Future of Three Domain Secure

Posted on June 28, 2018 by Peter Mollins

This overview of 3-DS (3 Domain Secure), and its future, was presented by Spreedly software engineer and thought leader DeeDee Lavinder at PAYMENTSfn in May 2018.

So, What is 3-DS?

3-DS is a fraud prevention security protocol for online purchases. It can also be described as an antiquated version of two-factor authentication for e-commerce.

So, what does 3-DS refer to? 3 Domain Secure’s name is derived from the three domains that it connects: the network domain, the issuer domain, and the merchant (or acquirer) domain.

  • The “merchant” represents the merchant through which the purchase is being made as well as their bank.
  • The “issuer” domain covers the bank that issued the card that is used for the transaction.
  • The “network”, or “interoperability”, domain represents the payment infrastructure, usually managed by Mastercard, Visa, etc.

[Figure: 3-DS flowchart visualization]

The Benefits and Drawbacks of 3-DS

3-DS was introduced in the early 2000s as e-commerce was taking off. There are definite benefits from its use. For instance, it may help reduce fraud. And certainly, in its early days, it helped increase consumer confidence. It also helped shift liability away from the merchant to the issuer.

However, there are drawbacks. For instance, the liability shift is not a guarantee. There are many caveats that go along with that shift. Also, the extra verification step that is needed is no longer seen as a confidence booster. Instead, it may lead to more friction in the purchase. That can lead to increased customer frustration and abandoned shopping carts.

The Future of 3-DS

As online fraud has grown more sophisticated, 3-DS has not evolved to stay ahead of fraud developments. There have also been trends that have worked against 3-DS. For instance, its reliance on passwords is not a robust security approach. And its dependence on web browsers for purchases ignores the mobile experience.

The good news is that 3-DS 2.0 is being introduced. It will be device agnostic, enabling mobile and in-app transactions as well as digital wallet payment methods across device types. Tokens and biometric verification are considered more robust than static passwords. They also create a better experience for customers.

Risk-based authentication also allows issuers to get additional data from the purchase context. As a result, the 3-DS 2.0 protocol supports the PSD2 directive in Europe. 3-DS 2.0’s improvements in customer experience, security, and accessibility will likely lead to greater adoption. Mastercard has given about 2 years to comply, and Visa's dates for support are to be announced.

As a result, there is a brighter future for 3-DS as a tool that payments engineers can use to combat fraud while ensuring a great customer purchase experience.
