E-commerce: Here’s What We Know About the 3D Secure Authentication System

Online payments have recently been disrupted to the point of reaching a 70% failure rate in times of high demand. At issue, changing banks and electronic payment transaction acquirers (CMI, NAPS, etc.) version 2.0 of the 3D Secure protocol, that looks like an important fix.

“October 15, 2022 was the deadline established by Mastercard and Visa to carry out this update and comply with their standards”, explains Ismail Bellali, Director General of the Center Monétique Interbancaire (CMI), specifying that “Visa and Mastercard have removed the first version of 3D Secure.”

This secure internet payment protocol, commonly known as 3D Secure or Verified by Visa” on Visa and “SecureCode” on Mastercard, appeared in Morocco in 2014. Your goal is to avoid fraud and ensure that the bank card is used by its real holder during each online payment.

Its update, which became inevitable, was released in Morocco in April 2022 “to protect Moroccan merchant websites from fraud when paying with foreign cards, before being recently introduced for national transactions”, tells us Ismail Bellali.

How it works

Free for commercial websites, but paying for banks and acquirers of electronic payment transactions, 3D Secure asks the buyer your first and last name, your credit card number, your expiration date and the three-digit security code (CVV) listed on the back of the card. In addition, the buyer must enter a dynamic one-time code, received by SMS.

Supervised by American Express, Discover, JCB, Mastercard, UnionPay and Visa, the six members of the global EMVCo organization, the second version of 3D Secure has the advantage of facilitate global interoperability and acceptance of secure payment transactions.

According to Mastercard, an American payment/withdrawal system company, 3D Secure 2.0 is also working to optimize the response time of authentication messages, so that they are not received after the Time’s up ten seconds.

What are the advantages of the new version?

While Mastercard mentions an increase in the number of transactions requiring the use of 3D Secure authentication through this update, Morocco will not be affected.

For two main reasons. Firstly, “the current success rate in Morocco (90%) is satisfactory” indicates Mr. Bellali, adding that payment failures are usually due to servers or internet connection.

And, on the other hand, our interlocutor emphasizes that this advantage cannot be exploited in Morocco because it is linked to “the possibility for a merchant website to remove the authentication code to make the transaction of regular customers more fluid”. But in Morocco, most merchant sites choose the highest level of security.

If some e-commerces still opted for an authentication process where the authentication code is not systematic, risk having to reimburse the customer in the event of fraud rather than the banks.

How to protect yourself against fraud?

How it is, 3D Secure 2.0 guarantees fraud immunity. But there is still room for improvement, because fraudsters are doubling down on their ingenuity, mainly to recover copies of national identity cards account holders, as well as your bank details.

“Usually, fraudsters sell products on social media whose prices defy all competition to attract buyers. During the transaction, they are sometimes able to retrieve a copy of the buyer’s CIN as well as their bank details,” says Ismail Bellali.

“With this information, the fraudster can recover a new SIM card from a telephone company to receive the authentication code by message”, he adds, before planning in the medium term “to move to authentication through banking appswithout going through the operator”.

Meanwhile, the Director General of the CMI advises users to be careful “to whom they communicate their banking and national identity data”, as well as “to check your bank accounts daily to reduce the risk of fraud”.

Leave a Comment