What Is 3D Secure? Definition, Payment Flow, and Examples
3D Secure (3DS) is a cardholder-authentication framework for card-not-present payments that exchanges risk and authentication data across three domains. This guide focuses on 3DS's real role, boundaries, and common points of confusion.
Key points
- Definition: 3D Secure (3DS) is a cardholder-authentication framework for card-not-present payments that exchanges risk and authentication data across three domains.
- Flow position: 3-D Secure is a cardholder-authentication framework for e-commerce, and EMV 3DS is the current specification family maintained by EMVCo.
- Do not confuse: 3DS / EMV 3-D Secure
How it fits into the payment flow
For 3DS, the relevant process is as follows: 3-D Secure is a cardholder-authentication framework for e-commerce, and EMV 3DS is the current specification family maintained by EMVCo. Risk data can support a frictionless flow or lead the issuer side to require a challenge before or alongside authorization.
A practical review of 3DS should account for this: frictionless does not mean no authentication processing; it means the user commonly has no extra interaction. A challenge can use app confirmation, a one-time code, or another supported method. Issuer and program implementations vary.
Practical example
At e-commerce checkout, 3-D Secure lets the issuer side assess the transaction and decide whether interaction is needed. The authentication result informs authorization without replacing funds and account checks.
How it differs from related terms
| Term | Definition |
|---|---|
| 3D Secure | is a cardholder-authentication framework for card-not-present payments that exchanges risk and authentication data across three domains |
| EMV 3-D Secure | is the modern 3DS specification framework maintained by EMVCo, supporting richer device data, frictionless, and challenge flows |
| CVV/CVC | is a short card security value commonly checked in card-not-present payments and is not the cardholder's PIN |
3DS focuses on the fact that it is a cardholder-authentication framework for card-not-present payments that exchanges risk and authentication data across three domains. EMV 3-D Secure, by contrast, is the modern 3DS specification framework maintained by EMVCo, supporting richer device data, frictionless, and challenge flows. They can appear in one transaction while answering different questions.
Use cases and limits
A key limit of 3DS is the following: successful authentication does not guarantee authorization. A failed challenge should not be answered by repeatedly entering codes on an unfamiliar page. Merchants must also protect redirects and callbacks.
Frequently asked questions
These answers address two common search questions about 3DS.
Is it the same as EMV 3-D Secure?
No. 3D Secure (3DS) is a cardholder-authentication framework for card-not-present payments that exchanges risk and authentication data across three domains. EMV 3-D Secure (EMV 3DS) is the modern 3DS specification framework maintained by EMVCo, supporting richer device data, frictionless, and challenge flows. Compare the object, processing stage, and responsible party.
Does a frictionless flow mean that 3DS was not used?
For 3DS, no. It generally means the 3DS risk assessment did not require additional cardholder interaction; authentication data can still be exchanged in the background.
These primary sources support the definition and process for 3DS. Current product, network, and local rules still control a real transaction.