What is the point of 3D Secure?

[deniser]

I have turned 3DS on as an experiment.

I know the liability shifts to the card company rather than the retailer but, I'm struggling to see the point of 3DS when the transactions go through anyway, whether the customer typed the correct password in or not.

A genuine cardholder is going to use it anyway so you don't need a liability shift because they're not fraudsters.

And anyone who isn't a genuine cardholder won't know the password but can still proceed with the transaction. The only difference is the system notifies you that they attempted 3DS but the sale still goes through and liability shifts to the retailer.

So what does the retailer gain or are we supposed to manually reject and refund all the transactions which weren't 3DS authorised?

 

[ecoleman]

It depends on your payment provider. Sagepay lets you setup your own rules for rejecting or accepting payments.

We use Secure Trading and we have to get them to setup the rules for us, we automatically decline any card payment where the card is 3DS enables but the password was entered incorrectly.

Speak to your payment provider, they should be able to help.

 

[deniser]

Thanks for that. Paypoint tell me I can set it to reject if the password is wrong. Paymentsense tell me I don't have any options which seems strange. Does anyone know otherwise?

 

[JPMiddleton]

No idea about those providers, but PayPal (PRO) let us switch it on or off at ease. I'm a big fan of 3D secure. I had a chargeback recently for a substantial sum which was for an unauthorised payment (NOT item not received) and they sided with me because they were authenticated by 3d secure and said the bank agreed I wasn't liable.

 

[ssh]

Additional layer of security.