Though technological advances may have some downsides, our lives have undoubtedly been improved because of it. Who could have imagined a few decades ago that you’d be able to pay your bills, and buy groceries and electronics without even leaving your home?
But how do online payments actually work? What are the mechanisms that protect your information when you use your credit or debit card to purchase something online? By far the most widely-used one is called 3D Secure, or 3DS.
What Is 3D Secure?
If you’ve ever explored an e-commerce platform’s Terms of Service, you’ve probably come across the phrase, “We use 3D Secure to keep your card information safe.” But what does that really mean? What is 3DS, and how does it work?
3D Secure is essentially a security protocol meant to prevent fraud in credit and debit card transactions that take place online. The three Ds refer to the three domains involved in authorizing a transaction: the acquirer domain, the issuer domain, and the interoperability domain.
The acquirer domain would be the merchant, or the bank, that is accepting your transaction. As the name suggests, the issuer domain refers to the card issuer. The interoperability domain, meanwhile, refers to any system that enables electronic communication between the parties involved in the transaction.
3DS was developed in 1999, when the e-commerce industry was still in its infancy. By 2001, it was adopted by Visa, which marketed it under the Verified by Visa brand (known as Visa Secure today). Other card issuers soon followed, including MasterCard and American Express.
How Does 3D Secure Work?
How does 3D Secure work in practice, and how does it help protect your credit card information? In a nutshell, it works like most two-factor authentication protocols, such as the ones you can enable on social media platforms.
So let’s say you’re browsing your favorite online store, filling up your shopping cart with all sorts of items. Once done, you click the “proceed to checkout” button, and enter your credit or debit card information. With 3D Secure enabled, you will be redirected to a separate page (pop-up) asking you to verify your identity and confirm that you are the owner of the card. Once you verify your identity (for example, by confirming your phone number), you will be redirected back to the merchant’s website and allowed to confirm the purchase.
What Are the Problems With 3D Secure?
Having 3D Secure enabled is certainly preferable to having no protection in place, but the protocol itself is far from perfect, with the pop-up window feature being its biggest weakness because it’s relatively easy to confuse a fraudulent site with a legitimate pop-up.
Over the years, cybercriminals have used different types of phishing scams and social engineering tricks to steal cardholder information.
For example, researchers with the cybersecurity firm Gemini Advisory noted in a report that threat actors have been using increasingly innovative techniques to bypass 3DS security measures. This includes setting up phishing pages, placing scam calls, and deploying malware to unsuspecting victim’s smartphones.
Fortunately, more and more platforms are switching to 3D Secure 2.0, a new and upgraded version of the same protocol that is not just more user-friendly but also safer, since it uses biometric authentication and has a slew of other robust security mechanisms in place to prevent fraud.
Secure Your Credit Cards Online
Regardless of which security system your favorite online store prefers, there are things you can do to protect your credit and debit cards when using them on the internet. First of all, consider designating a single card for online shopping—this should minimize damage in the event of a breach.
Additionally, check if your bank offers temporary virtual credit cards, always enable multi-factor authentication, stick to using safe and trusted e-commerce platforms, keep your software up to date, and invest in strong anti-malware protection. Lastly, familiarize yourself with the most common online shopping security threats and learn how to avoid them.
Read the full article here