3-D Secure is an XML-based protocol used as an added layer of security for online credit and debit card transactions. The 3-D Secure protocol was developed by Visa to improve the security of Internet payments and offered to customers as the Verified by Visa service. Services based on the protocol have also been adopted by MasterCard, under the name MasterCard SecureCode, and by JCB International as J/Secure. 3-D Secure allows better authentication of the payment card holder by their card issuer when they are making purchases online from a merchant's web site. The rollout of 3-D Secure to merchants is being encouraged by the card schemes offering better cover against fraud losses to the merchants. A merchant without 3-D Secure is liable for transactions that subsequently turn out to be fraudulent even if a valid transaction authorisation was received at the time. Basic aspect of service: A transaction using Verified by Visa/SecureCode will initiate a redirect to the website of the card issuing bank to authorize the transaction. Each issuer could use any kind of authentication method (the protocol does not cover this) but typically, a password-based method is used, so to effectively buy on the Internet means using a secret password tied to the card. The Verified by Visa protocol recommends the bank's verification page to load in an inline frame session. In this way, the bank's systems can be held responsible for most security breaches. |