Guides
Dashboard Login

3D Secure transactions

Overview

3D Secure provides an extra layer of protection for your business and customers for their online purchases. 3D Secure deters unauthorised card use and helps you to reduce fraudulent activity and chargebacks.

3D Secure stands for Three Domain Secure, and is the payments industry standard for secure online credit and debit card transactions. It requires your customers to authenticate themselves with their card issuer when purchasing online, proving that they are the legitimate cardholder. Customers authenticate themselves via Strong Customer Authentication (SCA), which is a two-factor authentication process. They must provide two of the following three factors:

  • A knowledge factor - something only the customer knows, such as a password or PIN.
  • A possession factor - something only the customer has, such as a mobile phone number or email address.
  • An inherence factor - something the customer is, such as a fingerprint or facial recognition.

The benefits of complying with 3D Secure include:

  • Reducing the risk of fraud and chargebacks.
  • Shifting liability for chargebacks from you to the cardholder's bank.
  • Increasing customer trust and confidence in your business.

How 3D Secure works

The following is an example of how authentication works with 3D Secure:

3D Secure flow

  1. Customer makes a payment on your website.

  2. By default, OnlinePay uses 3D Secure to authenticate the transaction.

  3. In most cases, the 3D Secure process is invisible to the customer.

    3a. However, if the transaction is deemed high risk, the customer may be challenged to authenticate themselves using a one-time password (OTP) or biometric data (e.g. fingerprint or facial recognition).
    A high-risk transaction may include:

    • A large transaction amount.
    • A transaction from a different country than the cardholder's usual location.
    • A transaction from a new device or browser.

  4. Once the transaction is authenticated with 3D Secure by the card issuer, the payment is sent to the cardholder's issuing bank for authorisation.

  5. The issuing bank checks the transaction against multiple data points. If everything is in order, the bank authorises the payment.

  6. Payment is processed and the transaction is complete.

Updated 5 months ago

St. George BankSA Bank of Melbourne

This information is a general statement for information purposes only and should only be used as a guide. While all care has been taken in preparation of this document, no member of the Westpac Group, nor any of their employees or directors gives any warranty of accuracy or reliability nor accepts any liability in any other way, including by reason of negligence for any errors or omissions contained herein, to the extent permitted by law. Unless otherwise specified, the products and services described are available only in Australia.

© St.George, Bank of Melbourne and BankSA – Divisions of Westpac Banking Corporation ABN 33 007 457 141 AFSL and Australian credit licence 233714.