3D Secure (3DS)

3D Secure is an authentication step that verifies a cardholder during online payments and can shift fraud-chargeback liability to the issuer.

3D Secure (3DS) is an authentication layer for online card payments that asks the cardholder to prove they are who they say they are — typically via a bank app confirmation, a one-time code, or biometrics. When authentication succeeds, it strengthens the payment against fraud and can shift chargeback liability away from the merchant.

The three domains

The "3D" refers to the three domains that exchange messages during an authenticated payment:

  • Acquirer domain — the merchant's bank or payment processor.
  • Issuer domain — the cardholder's bank, the issuer, which decides the challenge.
  • Interoperability domain — the card network infrastructure routing messages between them.

Modern 3DS2 aims for a frictionless flow: the issuer uses transaction data to approve low-risk payments silently, only stepping up to a challenge when risk warrants it.

Liability shift

The headline benefit is the liability shift. When a payment is successfully authenticated with 3DS, responsibility for fraud-related chargebacks generally moves from the merchant to the card issuer. If a payment skips authentication under an exemption, that liability stays with the merchant or acquirer.

3DS and SCA

In Europe, 3DS is the primary way merchants meet Strong Customer Authentication (SCA) requirements under PSD2. Applying 3DS satisfies the rule that certain electronic payments include two independent authentication factors. Used well, it reduces fraud without adding needless friction; applied bluntly to every payment, it can hurt conversion.

Related terms

Updated July 6, 2026