Every day, fraud prevention pros must manage risk in multiple vectors with an array of security technologies and processes.

Multi-factor authentication is one tool among many. The 3-D Secure protocol adds a second factor to online purchase transactions with payment cards. The goal is reducing chargebacks due to unauthorized transactions.

First, let’s understand what is 3D Secure & how it works

3-D Secure is an XML-based protocol designed to be an additional security layer for online credit and debit card transactions. Services based on the protocol have also been adopted by MasterCard as MasterCard SecureCode, and by JCB International as J/Secure.

The cardholder authenticates themselves to the issuing bank on the 3D Secure page using either a one-time PIN or a known password. The acquiring bank authorizes the transaction by communicating with the credit card network and issuing bank. The response, either success or failure, is passed back up the chain to the card holder.

Why should merchants still use Emailage while implementing 3D Secure?

3D Secure is by no means a new technology. Although it has minimal penetration in the US market, several markets in Europe and Asia utilize 3D Secure.

Merchants in these markets have seen huge value in running their transactions first using Emailage as a first line of defense.

Because now more than ever, it’s critical to build a complete picture of the reputation and true identity of a customer. At Emailage, we provide critical intelligence on the behavior and history associated with an email address though analysis of over 200 data points. When this intelligence is available as an up-front layer of security, fraud managers are empowered to make confident, accurate decisions.

Let’s talk about customer impact & friction

One of the biggest reasons why 3D Secure has not been widely adopted in the US is the rather high amount of customer friction it introduces. The US market is primarily focused on providing a seamless customer experience. This competitive landscape has nearly every company that does business online scrambling to provide the “one-click” purchase experience.

That’s one of the key reasons, along with the high cost of PIN terminals for merchants, why the US implementation of EMV cards went with chip-and-signature, rather than chip-and-PIN like the rest of the world.

Running 3D Secure on every single transaction could impose massive friction on unsuspecting customers, which would in turn drive them to other sites which offer less friction. Plus, from the perspective of issuing banks, requiring customers to require yet another PIN represents an additional layer of friction.

… And risk of revenue loss

The biggest benefit for merchants to use 3D Secure is the shift in chargeback liability, which means issuers won’t be able to issue a chargeback and will have to absorb the losses.

Although this sounds like an excellent plan, it imposes major risks. For example, issuing banks can tighten their controls and stop a large number of transactions. We currently see merchants who wish the issuing bank would approve all the transactions and give merchants the ability to manage the risk on their side.

Depending on how 3D Secure is implemented, it could put more control in the hands of the issuing bank which can drive more declines and loss of revenue to merchants.

What about current 3D Secure improvements?

Although there is a big expectation that with the new improvements, 3D Secure will exist in a sort of “silent” mode, meaning no impact on the final customers. But here it’s difficult to believe that one single solution would be able to successfully identify which transactions are risky, and whether or not they should be authenticated or not.

Additionally, US customers that travel abroad and try to buy online still face major barriers via 3D Secure, driving additional customer dissatisfaction and loss of revenue.


Although 3D Secure has its benefits and promises, it’s always better to control your transaction flow and your approvals. Doing so will allow for higher revenues and less customer disruption, including potential loss of customer lifetime value.

That said, Emailage is an ideal partner to extract the best balance of using 3D Secure, since our solution exists as an initial check for transactions, allowing merchants to selectively decide which cases should be automatically approved and which ones require 3D Secure.

Emailage allows identity validation of the person behind the transaction, providing more upfront intelligence that can be leveraged if further authentication is needed.

Our customers have found that Emailage helps identify which transactions should be reviewed and stopped, as well as those that would be the ideal candidates for a 3D Secure. This approach minimizes the number of transactions passed to 3D Secure and offers no customer impact.

Plus, additional benefits are realized through an automated manual review process. At the end of the day, it’s about maximizing the amount of additional revenue from approved transactions that would be previously declined.

I invite you to follow me on LinkedIn

Follow Emailage on LinkedIn and Twitter (@emailage)

Click here to discover how to get secure, intelligent risk assessment using an email address.