3D-Secure is the secure protocol designed to ensure enhanced security and strong authentication for you when you use your debit or credit cards for online purchases. It is called, depending on the card type, “MasterCard SecureCode”, “Verified by Visa” and, in the case of American Express cards, “Safekey”. In the future when you transact, you may be asked to provide a special security code to the card issuing bank in order for the bank to authorise the online transaction when prompted in the Credit Card payments page. Card issuing banks have different methods of generating and delivering these codes and so if you don’t know your 3D-Secure passcode or password, and you are not being given the option to enroll online in the bank’s pop up screen, then you will need to contact your bank.
How does it work?
3D-Secure authentication is the interaction between your card issuing bank and you, where you may be requested to enter a special security code to verify you are the legitimate owner of the banking card you are either registering with PayPal or using to make a transaction. If the security code is correct, you will be able to add your credit or debit card to the PayPal account for future transactions, some of which might also prompt you to re-enter your 3D-Secure passcode or password, though this should be the exception rather than the norm. If the security code is incorrect and 3D-Secure authentication fails, you will not be able to use the card to fund a transaction until you successfully complete the 3D-Secure password challenge from your bank.
When will I need to enter this code? Do I now need to do it every time?
Our aim is to balance convenience and security, so we are adding this additional level of security in certain cases in order to keep your account safe. We will not ask for it every time and most of the time you should be able to pay by just entering your Credit Card details.
How many attempts are permitted before I’m locked out?
You will have 3 to 5 attempts to achieve a successful authentication of the card. If the code you enter repeatedly fails, you will be asked to use another financial instrument to make the payment, such as from your bank account, or your PayPal balance. Alternatively, if you are given the option in the 3D-Secure process to enrol your card or, if you’ve forgotten your password, you can click on those links to do so. Otherwise, you will need to contact your bank.
What happens if I haven’t received my 3DS password or it is declined by the bank/is incorrect?
If you’re not given the option of enrolling or being reminded of your password in the pop up on the payment page, you’ll need to contact your bank.
Do other payment service providers require this 3D-Secure?
Yes, all Payment Service Providers (PSPs) in the EU are expected to support and enforce 3D-Secure by August 1 2015.
Can I opt-out from having to enter my 3D Secure Code?
Not if you want to make a payment using a credit or debit card.
Example sign up process
The website of your bank should have a 3DS sign up page like this:
UBS Bank 3DS Sign Up: