Payment security
June 3, 2024

What is a 3D secure payment gateway?


Payment processing is a remarkable feat that many of us take for granted.

It all seems simple from the outside. Even small-scale online stores can seamlessly accept credit cards and international transactions from strangers.

3D Secure payment gateways help make this happen. Let's look at what they are and why they matter.

What is a payment gateway?

A payment gateway is financial technology used by merchants to authenticate and accept debit or credit card purchases by customers.

It is essentially a middleman between customers and merchants, and it operates within point-of-sale (POS) technology.

This technology is present in brick-and-mortar retail stores and online payment processing portals found on websites and apps.

Its transaction processing technology captures, stores, and transmits card information from the customer to the acquirer processor. POS technology can then display acceptance or decline notifications to the customers.

Enabling a secure payment process

A large part of a payment gateway's role is protecting customers' payment data.

It needs to securely relay this data between multiple parties - customers, acquiring processors, issuing processors, acquiring banks, and issuing banks.

Payment gateways use data encryption and follow strict procedures outlined by the PCI-DSS compliance standard.

Payment gateways' online process

Because we are talking about 3D Secure payment gateways, it's worthwhile looking at how payment gateways work for online payments.

They act as interfaces between merchants' eCommerce platforms (including websites) and their acquirer domains.

The following steps outline the process that takes place.

1. Customer authorization

When prospective eCommerce shoppers want to make an online purchase for the first time on a new website, they enter their credit or debit card details on a payment page.

The form for this information is either provided directly by the merchant's chosen payment gateway, or the merchant's page securely transfers the details to the gateway.

2. Transaction data transfer

The payment gateway will then securely transfer the customer's card details and the transaction information to the payment processor.

3. Issuing bank authorization

The cardholder's account and transaction information is passed along the payment gateway to the issuer processor, which authorizes or blocks the transaction.

The information about the authorization (or block) is passed back through the payment gateway to the merchant via the acquiring processor.

The merchant and the customer find out whether it was a successful payment at the point of sale.

What is 3D Secure (3DS)?

3D Secure is a protocol used to authenticate online payments and mobile payments. It was created in 2001 to provide an extra layer of security for both online customers and online merchants.

'3D' stands for 'three domains'. The three-domain model consists of the following:

  1. 3D Secure infrastructure. This is the additional layer of security between the customer and the merchant. It's provided by issuing banks.
  2. The merchant. The online business that is receiving the payment.
  3. The card issuer. This is the consumer's bank account. It provides (issues) the credit or debit card.

3D Secure provides this extra layer by creating additional authentication measures for online transactions, also known as multi-factor authentication.

What is 3D Secure 2.0?

3D Secure 2.0 is an updated version of the original 3D Secure that was developed to improve security and the user experience for online and mobile payments.

Authenticated payments using this security protocol require the cardholder to authenticate their identity with their issuing bank. This can be done via biometrics (such as fingerprint authentication) or one-time 3D Secure PINs.

Why is 3D Secure or 3D Secure 2.0 needed?

1. Reduces fraudulent transactions

3D Secure and 3D Secure 2.0 implementations help to reduce chargebacks and disputed or fraudulent transactions.

They do this by using contextual transaction information for low-cost transactions and requiring additional authentication measures to authenticate payments.

This saves merchants time, money, and stock items.

2. Liability shift

3D Secure payment gateways minimize card fraud risks for merchants by shifting liability to the issuing bank.

All authentication data and banking information provided by customers is stored on a secure payment server of the issuing bank. The online store itself does not have access to the payment card details, except for when making the transaction.

3. Improves customer confidence

Studies indicate that a third of cardholders are apprehensive about shopping online due to privacy and payment safety concerns.

A business that wants to accept online payments needs to reassure customers over data breaches and general payment safety concerns.

3D Secure and 3D Secure 2.0 do this in the first instance by simply reducing fraud. But their presence itself can also reassure customers over general payment fraud and safety concerns.

Is 3D Secure required by regulation?

As part of European regulation, the Financial Conduct Authority's Strong Customer Authentication policy requires 3D Secure to be used for all online transactions.

It is not compulsory in all other parts of the world, but it is often highly encouraged.

What is a 3D Secure (3DS) payment gateway?

A 3D Secure payment gateway is a type of gateway that uses the 3D Secure or 3D Secure 2.0 protocol to authorise online purchases.

This technology adds an extra layer of encryption for consumers buying from card-not-present merchants.

When making an online payment via a 3D Secure payment gateway, the cardholder must prove their identity by entering a static password, a temporary PIN or one time password, or using biometric authentication.

3D Secure payment gateway providers

Examples of 3D Secure payment gateway providers include Visa's Verified by Visa, Mastercard's SecureCode, American Express' SafeKey, and Nuvei's Smart 3Ds, which dynamically routes transactions via the appropriate 3DS flow.

How does a 3D Secure payment gateway work?

3D Secure payment gateway authentication consists of the following steps.

1. Card data input

The cardholder will input basic card details. These include their name, card number, expiration date, and authentication code (CVC).

2. 3D Secure check

The 3D Secure payment gateway will check if the card is registered for 3D Secure authorization.

At this point, payment gateways will usually follow their regular procedure (see above, 'Payment gateways' online process') and most buyers will go straight to step 6 ('Payment confirmation').

However, if for any reason the 3D Secure payment gateway detects any need for further checking of a transaction, step 3 takes place.

3. Redirect to the 3D Secure page

If the customer's credit card is registered for 3D Secure authorization, the customer will be redirected to the issuing bank's 3D Secure page or portal.

4. Security check

To ensure data security, the cardholder will be sent a unique one-time password or PIN via email or SMS to verify their identity. For 3D Secure 2.0 solutions, biometric data such as fingerprint authentication might be required.

5. Redirect back to the merchant's website

After successful authentication, the client will be returned to the website to complete their online transaction.

6. Payment confirmation

After being redirected back to the website, the customer will be informed of their successful payment.
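
The six steps above can be modelled in a few lines. This is an added example, not code from the original article or from any payment provider: a simplified Python model of the challenge decision and the issuer's one-time-password check, not the 3D Secure message format. The class and function names, the amount threshold, the OTP lifetime and the attempt limit are all assumptions chosen for illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

# All names and limits below are assumptions made for this illustration.
OTP_TTL_SECONDS = 300     # how long a one-time password stays valid
MAX_ATTEMPTS = 3          # guesses allowed before the challenge is locked
CHALLENGE_ABOVE = 100.00  # stand-in for the gateway's "needs further checking" rule

@dataclass
class Challenge:
    otp: str
    issued_at: float
    attempts: int = 0
    used: bool = False

class Issuer:
    """Stands in for the issuing bank's 3D Secure page (steps 3 and 4)."""
    def __init__(self, enrolled_cards):
        self.enrolled = set(enrolled_cards)
        self.challenges = {}

    def start_challenge(self, txn_id, now=None):
        otp = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not the random module
        self.challenges[txn_id] = Challenge(otp, time.time() if now is None else now)
        return otp  # goes to the cardholder by SMS or email, never to the merchant

    def verify(self, txn_id, submitted, now=None):
        ch = self.challenges.get(txn_id)
        now = time.time() if now is None else now
        if ch is None or ch.used or ch.attempts >= MAX_ATTEMPTS:
            return False                      # unknown, replayed or locked out
        ch.attempts += 1
        if now - ch.issued_at > OTP_TTL_SECONDS:
            return False                      # expired
        ok = hmac.compare_digest(ch.otp.encode(), submitted.encode())
        ch.used = ok                          # a correct OTP works exactly once
        return ok

def needs_challenge(issuer, card, amount):
    """Step 2: only enrolled cards flagged for further checking go to step 3."""
    return card in issuer.enrolled and amount > CHALLENGE_ABOVE

def confirm_payment(issuer, card, amount, txn_id, submitted_otp=None, now=None):
    """Step 6: confirm only when no challenge applies or the issuer accepted the OTP."""
    if not needs_challenge(issuer, card, amount):
        return "confirmed-no-challenge"
    if submitted_otp is not None and issuer.verify(txn_id, submitted_otp, now):
        return "confirmed-authenticated"
    return "declined"
```

The model covers only the 3D Secure decision; the issuer's normal authorization of the transaction still applies in every branch.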

What's the difference between a 2D payment gateway and a 3D payment gateway?

Although the principle is the same, there are some key differences between a regular payment gateway and a 3D payment gateway. The main one is the level of data security that each one provides.

A 2D payment gateway does not require any additional security checks, such as a one-time password, to verify the payment. The customer's card details are all that is needed.

A 3D payment gateway does provide an additional layer of security, whether that be a static password or biometric authentication.

This isn't always implemented, but when it is, it significantly strengthens the security process.

Conclusion

A payment gateway is a type of technology that functions as a middleman between customers and merchants.

Some major payment processors and gateways use 3D Secure or 3D Secure 2.0 protocol for authorization of online purchases.

The merchant's chosen payment gateway will securely transfer the customer's card details and the transaction information to the payment processor.

The cardholder's account and transaction information is passed along the payment gateway to the issuer processor, which authorizes or blocks the transaction.

The information about the authorization is passed back through the payment gateway to the merchant via the acquiring processor.

The 3D Secure protocol creates additional authentication measures for online transactions, providing an extra layer of security for both online customers and online merchants. It also instills confidence in customers and shifts liability to the issuer domain.
