How common is 3-D Secure with US credit card users?
For online transactions, the 3-D Secure layer seems to be a pretty good idea. It's seasoned and well-tested (read: old) and a lot of credit card companies in Europe offer it. For example, a lot of German banks that give out credit cards for their bank account customers have Verified by Visa or MasterCard Secure Code turned on by default today (that's in 2016).
It works by sending the customer to their bank's/card's website where they have to enter some kind of verification information. That can be a password (or a selection of multiple secret information along the lines of mothers maiden name), SMS TAN, photo TAN, TAN list or two-factor authentication with a token generator. If the bank likes it, they approve and send the customer back to the merchant.
Not a lot of people would know what this is called, but they know that they need to do this SMS TAN thing when they pay for airplane tickets online with their credit card.
But what about the US? Is 3-D Secure widely available to US customers, and do they use it?
Would Average Joe be able to buy something online from, say, a Ukrainian airline website that enforces 3-D Secure or turns you down if your card does not support it?
(5)5 Comments
Sorted by latest first Latest Oldest Best
Not common at all. I work closely with payment gateways and more and more payment gateways from the US are now asking about 3D Secure 2.0, the new version of the protocol.
The 3D Secure 2.0 will make it very easy to skip the authentication for many transactions (90-95% even) and this makes it attractive to the payment gateways and merchants. They don't have the chargeback liability yet the process is as frictionless as it can be.
It's not very commonly used. One reason is that the verification process when making a purchase carries its own security vulnerabilities. It pops up a windoid in the user's browser which can't be verified as belonging to an authorized source, so it invites phishing/spoofing exploits.
In answer to your question, Rare to Unknown.
People don't want to be bothered with additional steps, passwords, or other things.
Edit: I have no formal source to show this, however:
3-D (or something very similar) was introduced years ago by one of my banks (BoA or Chase, I don't remember), and removed again after some weeks with that reason - 'large numbers of customers continuously complaining';
with the same reason, PIN usage on chip-credit cards is generally disabled in the US.
Edit: The answer is, "Not Very". 3-D Secure is not very well received, many of us who opted in have since opted out.
MasterCard Secure Code was used by my bank for my debit card. It was an opt in program and I discovered that opting in was a mistake. I forgot the password I set and instead of a 5 minute online transaction, it turned into a 2 hour transaction as I blundered around looking for how to reset the password. My opinion is that we will see NFC based payments grow before multi factor authentication based credit cards, since phones already have the ability to do multifactor authentication on credit card transactions. ApplePay, when it's available, is very convenient, and uses biometric authentication.
The US credit system has evolved to have a very healthy appetite for fraud in the name of transaction simplicity. By and large, end users have no fraud liability. Very large merchants may absorb some fraud liability in their negotiations to reduce fees. But overall the US system is concerned with increasing the rate of transactions and keeping them as frictionless as possible.
Other than end user complaints, the biggest pushback on the move to chip based transactions in the US is coming from Walmart. Walmart doesn't like that Visa and Mastercard require the POS systems to force a chip transaction if the card has a chip. Walmart already absorbs some of the fraud liability and these chip transactions are slower which ultimately costs money. While the estimated annual total credit card fraud number is very high it's only a few basis points compared to total transactions cleared annually. There's no reason to reinvent the wheel or add cumbersome layers of security for what would be a very marginal gain in my opinion.
I don't want to jump through hoops to save my bank money. They make money when I use the card, they should want me to use it. I don't carry the fraud risk, so I don't want to remember pins, or double authenticate transactions; unless maybe if the transaction was particularly large, say greater than 0. Life is far too short to stand in line at the grocery store waiting for the person in front of me to receive an SMS auth code to buy a pack of potato chips.
I've been confronted by Verified by Visa and Mastercard Secure. Honestly I'm not sure what caused them to pop up, but I was able to get through the additional steps of the transaction. If I had to do it every time I'd likely use a different card.
I'm from the US, and that's my take on 3D secure.
Terms of Use Privacy policy Contact About Cancellation policy © freshhoot.com2026 All Rights reserved.