A 3D payment gateway is a service that allows merchants to integrate 3D Secure enabled credit cards into e-commerce transactions. It’s not the same as an SSL certificate since it provides more than just encryption, but rather a full complement of services all rolled up into one package.
3D Secure is the global standard for online authentication. It is a multifactor authentication program that ties together an online merchant and a customer’s credit card.
All 3D Payment Gateways include:
- A) An ecommerce platform for selling products or services online
- B) A merchant account with payment gateway features, such as accepting payments through specific gateways, supporting recurring billing and recurring payments etc.
- C) A security suite for ecommerce including PCI-compliance, SSL implementation and merchant level anti-fraud services.
- D) A customer authentication service for multi factor or strong authentication using secure payment methods such as Verified by Visa or Mastercard SecureCode . This is the 3D Secure technology enabling increased reassurance in e-commerce transactions for online banking customers.
- E) A customer service area where merchants can manage their account, process refunds etc.
- F) Integration with merchant’s ecommerce front-end for secure payments through specific gateways such as Visa, Mastercard, JCB or PayPal.
- G) Detailed reports on all aspects of the merchant account, including transaction details, fraud prevention etc.
The gateway is the part of the 3D Secure standard that allows merchants to enable customers to securely pay for goods or services online using their online banking password. This password is referred to as a “3D Password”, because it consists of three parts: something you know, something you have and something you are.
The “something you know” component is your usual password. The “something you have” part is a Verified by Visa or Mastercard SecureCode electronic token, which can be something you carry on your keychain or an electronic device such as a mobile phone. Lastly, the “something you are” component of 3D Secure is biometrics:
- A) Fingerprint scans, which some banks and credit card companies already provide their customers through an additional device attached to the bank card.
- B) Voice recognition software that allows you to speak a password into your computer’s microphone (also known as voice-activated security). Some versions allow you to speak two different passwords into the computer’s microphone.
- C) Retina scans, which are used by some biometric scanners that connect to PCs via USB or RS232.
- D) Iris scans, which work in the same way as fingerprints but are based on different patterns in the iris of an eye. This is often considered a more secure method than fingerprints because the patterns in your iris are unique from everyone else’s.
- E) Facial recognition, which is a more accurate way of identifying an individual by scanning their face for specific points or features.
- F) Signature dynamics, which measures the pressure and speed at which you write your signature to identify you securely. This method has been used in Japan for years and has recently started to be introduced elsewhere.
Merchants can choose which of these methods they wish to support on their sites, but all products must offer at least one secure authentication method when using the 3D Secure standard. Customers also have the option to use none of these methods if they prefer not to do so.
3D Secure adds a significant level of security to online payments. It is estimated that fraud losses with 3D Secure averaged around 10 percent in 2005, compared to losses from non-3DS transactions running at about 30 percent. This is because merchants check the customer’s identity before processing payment and the card issuer has a better opportunity to detect fraud.