What Is 3D Secure in Travel: Definition, Meaning, Examples

3D Secure

3D Secure (3‑Domain Secure), often referred to as Payer Authentication or by brand names such as Verified by Visa and Mastercard Identity Check, is a security protocol designed to add an extra layer of authentication to online credit and debit card transactions. In the travel industry, its primary purpose is to ensure that the person making a booking is the legitimate cardholder, helping prevent unauthorized Card‑Not‑Present (CNP) fraud during online reservations.

Home
Travel Glossary
3
3D Secure

Three Domains

The name “3D” is derived from the three different parties (domains) involved in the authentication process:

  • Acquirer: The environment of the merchant (the airline or travel agency) and their bank in which the transaction details get entered.
  • Issuer: The environment of the bank (the entity that issued the credit card) of the cardholder.
  • Interoperability: This is the infrastructure (provided by payment schemes like Visa/Mastercard) that allows the Acquirer and Issuer to talk to each other to verify the transaction.

3DS 1.0 vs. 3DS 2.0: User Experience

For years, 3D Secure was despised by the travel industry because it destroyed conversion rates.

  • 3DS 1.0 (The Pop-Up Era): The old version directed the user to a separate pop-up window in which the user had to remember a static password. It was clunky and not mobile-friendly, and many travelers abandoned their booking.
  • 3DS 2.0 (The Frictionless Era): The modern version is based on massive data exchange (device ID, location, spending history) for background verification of identity. If the data appears safe, the transaction is cleared without the user doing anything. If the transaction in question appears to be risky (e.g., booking a flight from a new device in a different country), the bank challenges the user with a simple check of their biometric (FaceID) or One Time Password (OTP) sent to the customer via SMS.

Liability Shift

The best selling point for a travel merchant to use 3D Secure is the liability shift.

In case of a typical credit card transaction, if a fraudster used a stolen credit card to purchase a plane ticket, the airline will receive a chargeback and lose the money. However, if the transaction is made with the use of 3D Secure, the liability for fraud changes from the Merchant (airline) to the Issuer (bank).

Even if the card does turn out to be stolen, the airline still has the money, and the bank is left to absorb the loss since the bank is the one who authenticated the user.

Frequently Asked Questions

Is 3D Secure mandatory?

In Europe, yes. Under PSD2 (Payment Services Directive 2) regulation, SCA (Strong Customer Authentication) which 3D Secure is fulfilling, is required for most online payments. In the US and the regions, it is not compulsory, but it is highly recommended for high-value transactions in travel.

What is Strong Customer Authentication (SCA)?

SCA is a requirement that authentication should have at least two of three elements:

  • Knowledge: Something you know (Password).
  • Possession: Something that you have (Phone/OTP).
  • Inherence: What you are (Fingerprint/FaceID).

Does 3D Secure cause decline rates to rise?

It can. If the bank’s system is down or the user is not able to receive the SMS code (common if traveling), then the legitimate transaction will fail. Travel merchants often compromise between risk vs. conversion by only triggering 3D Secure on risky transactions (Dynamic 3DS).

RELATED TERMS
Payment Card Industry Data Security Standard (PCI DSS) right arrow Online Travel Agency (OTA) right arrow Payment Gateway right arrow Global Distribution System (GDS) right arrow

Leave your request

We will contact you shortly

    Thank you for your request!

    We will get back to you as quickly as possible

    GP Solutions