Skip to main content
What is 3D Secure?
Updated over 3 months ago

3DS is a security protocol used by merchants and issuers worldwide as an extra layer of security to ensure a purchase is from the rightful owner of the card. It prevents fraud attempts and makes your online transactions even more secure.

Today, as part of our partnership with Visa, incard debit cards benefit from this technology and work on websites that have 3D-Secure in place. It is the merchants who are responsible for implementing 3D-Secure. If a merchant has implemented 3D-Secure, a Verified by Visa logo will be visible on their website.

Example of 3DS flow:

  1. You enter your card details

  2. incard will assess the request and decide if additional 3DS authentication by the cardholder is required at this step

  3. If required, you'll be asked to complete the additional authentication step

  4. Tap on the notification you’ve in the corresponding box and complete the authentication step

If you have problems with your online payments, you can troubleshoot them in this article.

Why it is needed?

Since May 2021, all online transactions are subject to mandatory verification via the 3D-Secure system (3DS), with the aim of improving the security of online transactions and banking operations while protecting your data.

Organisations like card brands and other associations have developed technology to help reduce risks of fraud and identity theft through payments. This method is called strong customer authentication (SCA). SCA is a requirement from the EU Revised Directive on Payment Services (PSD2) which needs a type of multi-factor authentication (MFA) to complete a payment. This was started in 2007 as the Payment Services Directive (PSD) and is regulated by the European Commission across the European Economic Area. Its main goal is to protect customers, merchants and banks from fraud using 3-D Secure (3DS).

For each online transaction, you must confirm that you are the cardholder. This is done via strong authentication and also ensures that the merchant only accepts legitimate customers.

For more information, please refer to the documentation below:

Did this answer your question?