3DS (3 Domain Secure) forms one of the most innovative births in the family of online payments. The protocol developed by VISA to improve online transaction performance adds a security layer for online credit and debit card transactions.
The scenario of Online payments in India
Since online transactions have become considerably popular in India lately, a lot of debit and credit card transactions happen on an everyday basis.
Some statistics for your reference: source
-
- Total amount transacted through credit cards at POS terminals — which was Rs 59,616 crore in July 2019 — increased by 24.8% in the 12 months ending July 2019. The amount transacted using POS terminals through debit cards went up by 20.3% during the same time. In July 2019, Rs 58,102 crore
- The number of transactions using credit cards at POS terminals (or swipe machines) grew by 23% year-on-year, while it increased by 14.6% for debit cards for the 12 months ending July 2019. In July 2019, the total number of POS transactions through credit cards was 178.4 million, while the figure for debit cards was 420.8 million.
- October and November 2019 alone are responsible for 8,32,601 transactions through credit cards and 85,92,31,520 through debit cards with amount 41,509 Lakhs and 3,15,43,207 Lakhs respectively (source)
Earlier, the constant fear about the safety of transactions restricted people from engaging in online transactions. But, the scenario has considerably changed in today’s time. Today, the e-commerce industry is largely being benefitted by 3-D Secure payment gateway service.
Ever since the 3-D secure methodology got adopted, it added an extra layer of security to credit and debit card transactions. The prevalence of 3-D secure payment gateway has ensured compliance all across. This is an XML-based protocol, which requires an additional validation step for online payments. This step leads to the authentication of the cardholder’s identity by his/her card-issuing bank. The technology was first adopted by Visa under the name Verified by Visa and then by MasterCard under the name MasterCard SecureCode and then Amex Safekey.
What is 3D secure?
3DS (3 Domain Secure) is an XML based technical protocol developed by VISA to improve online transaction performance and to add a security layer for online credit and debit card transactions. It consists of specifications that include requirements and specifications for participants involved in transactions. As the name suggests the process is divided into three domains, viz. Issuer domain, Acquirer domain, and Interoperability domain.
What are the Three domains of 3DS?
3DS(3 Domain Security) divides the authentication process into 3 domains as per the participants, a cardholder, An issuer, an acquirer, and a merchant involved in the process.
Issuer domain:
This is the bank that issues the card to the cardholder for making payments for the purchase of goods and/or services.
This is the bank that issues the card to the cardholder for making payments for the purchase of goods and/or services.
The issuer domain comprises of the following:
- Cardholder browser and related software: Sends and receives messages between the MPI and ACS.
- Enrollment server: Facilitates cardholder’s initial authentication as well as administrative activities
- Access control server: It checks the authenticity of a card in the card schemes and assists in the authentication of the cardholder
- Validation server: Performs a validation of cardholder’s authentication.
Acquirer domain:
This is the bank where the merchant/seller’s bank account is held. This bank account receives the money from the buyer for goods/services sold by the merchant.
The acquirer domain comprises of the following:
- Merchant Plug-In: It creates and processes cardholder’s authentication messages. Plug-in is invoked after the finalization of purchase by the cardholder.
- Signature Validation Server: It validates the digital signature on an already authenticated order/purchase request. This server either comes separately or integrated with MPI.
Interoperability domain:
This is the domain that decides which network will be used. The networks that usually come into use are Visa, MasterCard, Rupay.
The interoperability domain comprises of the following:
- Directory Server: This server provides centralized decision-making capabilities The directory validates if the given account number is associated with the card and is part of a card scheme and forwards the request to the ACS for further processing.
- Certificate Authority: It generates and distributes all needed certificates across all domains. These certificates are card scheme certificate, SSL server certificate, public root hierarchy certificates, and digitally signed certificate of the issuer.
How 3D secure Payment Gateway works?
In simple words it follows the following steps:
- The customer initiates the online transaction by entering debit/credit card information on the merchant website.
- The PG contacts a directory server (VISA, MasterCard, etc who provides 3DS) and gets status on the authentication message on the card.
- PG redirects the customer to the 3DS page where the customer needs to authenticate himself/herself by entering the OTP.
- 3DS response then goes to PG and the acquirer institution authenticates the transaction.
- Based on the success/failure of the transaction, the customer gets notified of transaction success or failure.
Here is a detailed version:
Hence, 3-D Secure payment gateways are devised for reducing all types of online fraud and simultaneously, helps merchants reduce the online costs of managing a payment service.
Since 3-D secure payment gateway has brought the e-commerce Industry a further trigger to the success, the benefits are worth a glimpse:
A significant increase in the confidence of online buyers:
The advanced technology, which is a 3-D Secure payment gateway, has made the masses realize how convenient and secure it is to indulge in online payments. This has led to an increase in online shopping for almost everything from grocery to apparel. Simultaneously, the convenience of online payments has furthered the trend of online payments.
Validation of card payments (debit):
Since debit cards were not allowed for making financial transactions earlier because of the security reasons, many customers with only debit cards remained scooped out. Although, with the introduction of 3DS (3 Domain Secure) payment gateways, the confidence of RBI has increased on the safety of online payments and it has validated the same for making payments. This has led to a hike in the number of people who accept payments and make online payments.
Advanced and Trustworthy technology:
A 3-D Secure payment gateway is a successful and trustworthy technology, which considerably has reduced online frauds, especially when in sync with fraud prevention tools like Cardholder Verification value, Address verification services, etc.
Fraud reduction:
3DS reduces fraud and protects merchants as well as customers’ data making online payments safer. Safe online payments improve brand loyalty and increase the customer base. Customers gain more confidence in online payment which boosts online shopping.
Frictionless authentication:
3DS offers frictionless authentication without compromising security and adding transaction efficiency.
Chargeback liability shift:
3DS provides a chargeback liability shift. This can be considered as an extra layer of protection where liability for chargebacks is shifted from merchant to cardholder’s bank.
With all the benefits to the merchant services and merchants, the e-commerce industry has put all their faith in a 3DS (3 Domain Secure) payment system undoubtedly.
Ever since online payment acceptance have entered the ecosystem, the main concern has remained that of online frauds. However, seeing how technology has leaped forward with a high level of security infused, it is so much vividly evident that it has turned out to be a much-needed relief for the fast-spreading e-commerce industry.
How to get started with 3DS?
To get started with 3DS for online payment acceptance, you should have a card payment acquirer that uses 3DS and a merchant account.
Lyra provides a payment gateway that offers 3DS authenticated payment processing along with PCI compliance (PCI DSS V3.2.1) providing complete data security for merchants as well as customers
Get started with Lyra Payment Gateway with safe and secure online payment acceptance.