3-D Secure is an anti-fraud protocol adopted by Mastercard, American Express, Visa, and JCB International that offers another layer of protection to online payments.

In the traditional 3-D Secure protocol, each time a cardholder uses a credit or debit card at a participating merchant, that cardholder is authenticated before the transaction can proceed. Authentication in a traditional 3-D Secure environment is based on a password that cardholders create when they enroll their credit cards, and every transaction is challenged.

The 100% challenge rate in traditional 3-D Secure negatively impacts issuers, merchants, and cardholders alike. Any activity that interrupts the purchase flow increases the likelihood of shopping cart abandonment, which reduces revenue for both issuers and merchants. The negative experience created when cardholders forget their passwords also increases the likelihood of cart abandonment, and reduces use of that particular card, further impacting issuer revenue.

The new EMV 3-D Secure 2.x protocol mitigates the negative shopping experience that came along with the legacy 3-D Secure protocol by giving merchants full control over the session. In addition, the new EMV 3-D Secure 2.x protocol suggests a risk-based approach.

RSA Adaptive Authentication for eCommerce has offered a risk-based approach for over a decade and provides high fraud detection rates through strong authentication while eliminating the poor cardholder experience that negatively impacts issuer revenues. With risk-based 3-D Secure, which utilizes machine-learning techniques and anti-fraud expertise, credit card issuers can reduce fraud while protecting revenues.