Fraud prevention for e-Commerce transactions using 3D Secure

3D Secure authentication

The worldwide standard for online payment authentication

What is 3D Secure?

3D Secure is an XML-based protocol, designed by Visa, that adds an additional security layer for online credit card transactions. The service is offered to customers as Visa Secure. This protocol has also been adopted by Mastercard, JCB, American Express and Diners Club International with the services named SecureCode, J/Secure, SafeKey and ProtectBuy, respectively.

About 3D Secure authentication

3D Secure is an authentication protocol for online credit card payments, and it has been the de facto authentication standard since the year 2000. A recent revision to the protocol has produced "3D Secure 2”, which includes many added features and benefits over 3DS1. But while the industry is gradually transitioning from 3DS1 towards its successor, 3DS1 still remains the most widely adopted authentication protocol for eCommerce transactions. 3D Secure was designed by Visa in 1999, and has since been adopted by other card schemes. You may have used 3D Secure before when asked to type in a password during eCommerce checkout, or you may recognise the protocol by its various market branded names.

3DS1 has been widely deployed in all countries around the world, and has a long, proven record of solving credit card fraud issues for merchants, payment gateways, and banks alike.

3ds2 badges
How it works
The capital "D" in "3D Secure" stands for "domain", and there are 3 of them: the acquiring domain, the issuing domain, as well as the interoperability domain to link the two together.
3dsecure 1 authentication flow
Issuers Icon
Issuing domain

Access Control Server (ACS)

The issuing domain is where the issuing banks operate. They are the ones who issue cards to cardholders, who then use the card to purchase goods and services. The issuing bank needs to deploy an Access Control Server, also known as "ACS", in order to receive 3D Secure messages, process the messages, and authenticate the card user.
directory server icon
Interoperability domain

Directory server

The interoperability domain consists of just the Directory Server, which is deployed by card schemes, and can be considered the glue between the acquiring and issuing domains. If a merchant wants to authenticate a credit card and its user, how do they know which issuing bank to contact? The answer is simple: they send a message to the card scheme's Directory Server, which holds a "directory" of all the BIN ranges corresponding issuing banks. The Directory Server will receive the message from the MPI, check the card number against the BIN range directory that it holds, and forward that message onto the correct issuing bank. The issuing bank would then proceed with authenticating the card user.
Shops Icon
Acquiring domain

Merchant Plug-In (MPI)

The acquiring domain is where the merchant, payment gateway, and acquiring banks sit. They initiate the transaction, which they wish to be authenticated. In order to do so, entities in the acquiring space need to deploy a "merchant plug-in", also known as "MPI".
Timeline of 3D Secure 2 regional mandates
Timeline of 3D Secure 2 regional mandates

*The dates in this timeline are received directly from the card schemes. GPayments recognises that these dates are subject to change due to external circumstances.

Where does GPayments fit into this?

As specialists in 3D Secure, we developed all components of the 3D Secure ecosystem. Whether you're a merchant in the Canada, an issuing bank in Italy, or a regional card scheme in South East Asia looking for a Directory Server, we have the right solution to help you with all your 3D Secure needs.

A cutting edge 3DS Server solution to authenticate transactions

Cloud deployment ready

EMVCo certified

Effortless customer experience

Right out of the box deployment in your own environment

Interoperability with 3DS1 Protocol

Right out of the box deployment in your own environment

Learn More
A stable and cost effective solution for acquiring side authentication

Our MPI, aptly named "ActiveMerchant", provides acquiring side cardholder authentication. ActiveMerchant is a very stable and mature product with easy installation, a standard API based integration, and an intuitive user interface. ActiveMerchant has been tried, tested, and proven by online merchants, payment gateways, acquiring banks from all 5 continents of the globe.

    Learn More
    A new approach to authentication

    ActiveAccess is our ACS solution, and has been deployed by issuing banks, enterprises, government, and other application service providers from all around the world. ActiveAccess provides 3D Secure eCommerce transaction authentication, as well as multi-factor user authentication. ActiveAccess also can process both 3DS1 and 3DS2 transactions, which means clients can easily support both protocols during the transition period.

      Learn More
      A cutting edge 3DS Server solution to authenticate transactions

      Native mobile Support

      Available for both Android and IOS

      Complete ActiveServer integration by default

        Learn More

        Interested to know more about 3DS1 products?

        Thank you! Your submission has been received!
        Thank you! Your support inquiry has been received!
        Oops! Something went wrong while submitting the form.
        For general queries, please email
        gpayments logo
        Copyright © 2021  GPayments Pty Ltd. All rights reserved.
        Privacy Policy / Cookies 
        / Company Policy