What is 3D Secure?

Credit and debit card transactions on iStyles are secured by 3D Secure. 3D Secure is an authentication protocol that adds a additional layer of verification and security for credit and debit card transactions. While conventional transactions only require the card details and security code, a 3D Secure payment prompts the shopper for an additional password or one-time password (OTP) on their mobile device.

Every time your credit or debit card is used for a purchase at a participating merchant (such as iStyles), 3D Secure ensures that only you (the authorised card owner) are making the purchase and not anyone else.

How does 3D Secure work?

The 3D Secure protocol was initially developed by Visa under the name "Verified by Visa" and works via a complex interaction between three domains: the card issuer, the acquirer, and the interoperability domain.

When a customer confirms an order on iStyles (the interoperability domain or "business") after entering their card information on the Checkout page:

  1. The request is sent to Stripe (the acquirer that processes our card transactions)
  2. Stripe forwards the request to the customer's card network (often Visa or Mastercard)
  3. The card network identifies the customers card issuer (the customer's bank) and transmits the request
  4. The customer's bank (the card issuer) prompts the cardholder for verification of the transaction, either through a pop-up window or an in-app interface
  5. Once the cardholder has authorised the transaction, the customer's bank evaluates the authorisation and authenticates the transaction. This authentication is then sent back through the card network (Visa or Mastercard) to the acquirer (Stripe) that then informs the business (iStyles)
  6. The transaction can proceed if the authentication is positive. The transaction will be cancelled if the authentication fails (for example, if the customer provides the wrong OTP or does not approve the transaction on the banking app)

How will I receive my 3D Secure authentication?

After confirming your order on our Checkout page, you will be prompted to authenticate your card payment. This prompt will detail where you can get the "password" or the process necessary to complete the process successfully.

Depending on the card issuer (your bank) and access control server (ACS) provider, the authentication process may be in the form of:

  • A one-time password (OTP) sent to your registered mobile phone number via SMS
  • A one-time password sent to your mobile banking application
  • A password that can be generated by your mobile banking application
  • A payment prompt that will appear on your mobile banking application where you have to "Approve"
  • A password that is only know by your bank and you
  • A password generated by a physical token provided by your bank
  • An authentication process that works through the use of smart card readers or physical security keys

This password authentication or authentication process happens directly between you (the customer) and your card issuer (your bank), through your bank's access control server (ACS) provider. We (the merchant) do not have access to your password. We are only notified about whether the payment was successfully authenticated or not through the acquirer (Stripe), after the authentication process has been completed.

Why is it so complicated?

The are many things going on at the back-end to make this work indeed but these are necessary as 3D Secure eliminates the vast majority of unauthorised transactions and increases the customer's trust and confidence in the business.

From a customer shopping experience point of view, the process only results in one additional step in the payment process, which is just the entry of the one-time password (OTP) or the approval of the transaction on the banking application. This is a small price to pay for the additional peace of mind and security.

Entering the wrong OTP or not approving the transaction on the banking app does result in the payment attempt getting declined.

If you are stuck or cannot get this to work, please contact us.

Still need help? Contact Us Contact Us