3D Secure stands for Three Domain Secure which is an XML-based protocol used as an added layer of security for online credit and debit card transactions. 3D Secure has been developed by major card companies. Visa calls their version 'Verified by Visa' while MasterCard call theirs 'MasterCard SecureCode'. Both are referred to as 3D Secure.
Basically, internet transactions are classed as 'cardholder not present' (CNP) transactions, which makes it hard to identify and confirm that the legitimate cardholder is the one entering the card details. 3D Secure technology was developed to reduce the frequency of fraudulent card use by authenticating the cardholder at the time of the transaction. In turn, this reduces incidence of disputed transactions and chargebacks.
How it works
The protocol aims to integrate the financial authorization process with the online gateway authentication. This is based on a three domain model made up of the Acquirer Domain (the merchant and the bank to which money is being paid), the Issuer Domain (the bank which issued the card being used) and finally the Interoperability Domain (the infrastructure provided by the credit card scheme to support the 3D Secure protocol). It uses XML messages sent over SSL connections with client authentication.
A transaction using 3D Secure is redirected to the website of the card issuing bank, where the cardholder goes through an authentication method. The authentication method is not covered by the protocol, but it is usually a password-based method. The main difference between Visa and MasterCard implementation is the method used to generate the AAV (Accountholder Authentication Value). MasterCard uses the UCAF (Universal Cardholder Authentication Field). Visa uses CAVV (Cardholder Authentication Verification Value).
In simple terms, the behavior you see is as such:Ifthe bank that issued the customer's credit card is a member of the 3D Secure/VBV scheme a pop-up windowmayappear either asking the customer to register their card, or if they have already registered asking the customer for a password to enable them to identify themselves.
Setting up 3D Secure at the Gateway
In all cases, you will need to check your gateway settings and configuration and make sure that you have 3D Secure enabled, configured, and active. Please consult your gateway for more information or assistance.
Setting up 3D Secure in AspDotNetStorefront
The following gateways natively support 3D Secure.
See Cardinal Commerce for more information on how to set up these gateways to use 3D Secure using Cardinal Commerce.
Shopper Experience with 3D Secure Enabled
When the shopper chooses to pay with a credit card in checkout, they will are directed to a separate form into which they enter additional information required by the 3D Secure process. The form interacts directly with the gateway - not AspDotNetstorefront. Once the shopper completes the gateway-specific form, the shopper is directed back to your shopping cart. As an important part of this process, AspDotNetStorefront now has all the necessary data tokens, etc., necessary to process payment on the order, all without actually storing or tranmitting the actual cardholder data.