3D Secure stands for 3 Domain Secure. There are 3 parties involved in the 3D Secure process which are:

•   The Vendor


•   The Acquiring Bank


•   Visa and MasterCard

3D Secure is a culmination of Verified by Visa (VbV) and MasterCard Secure Code (MSC). 3D Secure is the latest fraud prevention initiative launched by the card schemes as a more secure method for authenticating the shopper at the time of the transaction. Visa and MasterCard will take responsibility for your 3D Secure Authenticated transactions, taking the liability and reducing the risk of chargebacks your receive.

Capturing Information

3D Secure is a culmination of Verified by Visa (VbV) or MasterCard Secure Code (MSC). 3D Secure is the latest fraud prevention initiative launched by the card schemes as a more secure method for authenticating the cardholder at the time of the transaction. For more information on how this authorization process works, please refer to our 3D Secure authentication process section below.

If you have registered and set up 3D secure on your site with Protx, your shoppers will be given the option to register their cards and/or verify their transaction.

Once the shopper has entered their card details on the Protx payment page they will be prompted on the confirmation page to register their card for 3D Secure (if they have yet to do so) or proceed with the transaction and enter their pins.

If they have yet to register, they will be passed through the following stages three steps (the steps below are an example):

If they have already registered their cards, they will be redirected to the Verified by Visa/MasterCard Secure Code website to enter their password:

Once they have submitted their password, the transaction will continue with the authorisation process and then either direct the shopper to your success or failure page.

For further information about these schemes please click on the icons below:

     http://www.visaeu.com/verified/

    http://www.mastercard.com/securecode/

3D Secure is becoming an Industry standard. By 2007, Protx will require that all our vendors use this service. As well as being a free service that Protx provide, 3D Secure is also a value added tool. It is easy to set up and can compliment your already existing fraud screening options of AVS/CV2 and The 3rd Man to assist you in reducing the risk of fraud.

BENEFITS:

•   Liability shift: The major benefit to you as the vendor is that a transaction fully 3D-  Secure validated, cannot be charged-back to you if it is subsequently found to be   fraudulent. You are protected by the card issuer against such chargebacks because the   bank themselves assume the liability.



•   No additional charges: There are no additional charges for VbV and MSC from Protx.   Your acquiring bank may charge you to add this to your merchant number, but you may   also find that they will lower their charges to you if you support these schemes.



•   Flexibility: You have the option of setting up a rule base on your Protx account to   automatically accept or reject transactions depending on the 3D Secure results.



•   Cards that are part of the scheme: VISA, VISA DELTA, MASTERCARD, UK MAESTRO,   SOLO, and VISA ELECTRON.



•   Easy to set up: You control the set up in your VSP Admin area.

LIMITATIONS:

•   Chargebacks can still occur: A 3D secure validated transaction will not protect you in   circumstances such as in the event where the customer denies receipt of goods.



•   Not all cards are part of the scheme: As yet there are no similar initiatives for   American Express, JCB or Diner's Club.

Due to the limitations listed above, it is a good idea not to rely on these schemes solely, but rather to use the results as part of your overall fraud screening process.

3D Secure is an extra step the customer must take to process their order.

After the shopper has chosen their goods and elected to pay, they will be sent to the Protx Payment pages on the Protx secure servers, or the vendor's own card entry screens. There, they will enter their card details and submit them for processing.

When submitting their card details, depending on the card type they entered, they will be redirected to a Visa or MasterCard page.

1.   If they have registered their card for 3D Secure, they will be asked to enter their  3D Secure password.


2.   If they have not registered their card before, they will have the option to do so, there   and then.


3.   If they have not registered their card and do not wish to do so they can bypass the   process.

If the shopper has registered their card for 3D Secure, Visa or MasterCard will verify the shopper and if correct will the transaction will continue as normal and be sent to the bank for authorisation.

If the customer chooses to bypass the scheme they will still be passed to the bank for authorisation unless you have set up a Rule Base to reject them.

The diagram below shows the basic process of a 3D Secure Authenticated transaction

Once the customer has been verified by Visa or MasterCard, you will not be liable for a chargeback if the customer later denies the transaction. However, if they deny receipt of the goods then you will still be held liable.

N.B: You can still choose to accept a transaction that has not been verified, but you then accept the liability of the transaction yourself.

Please note, as with all transactions through the Protx system, you are able to set up a
Rule Base on your account to block certain transactions dependant on the result
outcome from the banks.

In order to use the 3D Secure service that Protx provides, your acquiring bank (where you obtained your Internet Merchant number from) and Protx will need to make some changes to your account.

As 3D Secure is a new Industry standard and new to the Protx environment, it is something that will need to be physically added onto your account; it is not set up as default.

Requirements to Use 3D Secure with Protx

•   You must be using our latest VSP Protocol version 2.22.
  
    If you are using a Shopping cart software, please be aware that not all of them support   this Protocol. This will be something that you will need to confirm with them before   requesting this service.
  
    3D Secure will not work with any older versions of our system. To download our most   recent integration protocol guidelines click here



•   You must be using one of our ecommerce products such as VSP Form, VSP Server or   VSP Direct. 3D Secure will not work with VSP Terminal Accounts (telephone Orders only)   as this defeats the object of the service.
  
    N.B: If you are using our VSP Direct product (if you are a call centre) and use a
    MOTO Merchant number you will also not be able to use the 3D Secure service.

Barclays Merchant Services merchants who would like to use 3D Secure should take the following steps:

•   You must be using our latest VSP Protocol 2.22, 3D Secure will not work with any older   versions of our system. If you are using a shopping cart, please check that your cart   supports VSP Protocol 2.22.


•   You must contact Barclays Merchant Services directly and request that 3D Secure be   set up on your merchant account. To do this please call Barclaycard Merchant Services   customer service centre on Tel: 0870 60 600 60. Make sure that you have your   Merchant number to hand when you call this number. You will need to request that 3D   Secure is set up on your merchant account for use with Protx. Please be aware that   BMS may charge for 3D Secure to be set up on your account.


•   As soon as BMS have set up 3D Secure on your Merchant account, you will receive an   email from their Ecommerce Support team to inform you of your Visa and MasterCard   registration details for 3D Secure. You will need to forward this email to the
    support team as soon as you receive it.

Lloyds TSB Cardnet, Bank of Scotland, NatWest Streamline and HSBC merchants who would like to use 3D Secure should take the following steps:

•   You must be using our latest VSP Protocol 2.22, 3D Secure will not work with any older   version of our system. If you are using a shopping carts, please check that your carts   supports VSP Protocol 2.22.


•   You must email the support team is you wish for 3D Secure to be added to your Protx   account.


•   There is no need to contact your bank. Protx support will let you know once your   merchant account has been set up for this service. We send all requests to your   acquiring bank every Monday and Wednesday morning.


•   The acquiring banks will take up to 14 working days to allocate this to your Internet   Merchant number. This timescale commences from the moment we send the request to   your acquiring bank and not when you submit your request to Protx. All requests are   made on a first come first served basis. We cannot fast track any requests as this is a   process that Protx need to complete with the acquiring banks.


•   Once we have had confirmation back from your acquiring bank that this has been set up,   we will add 3D Secure on your TEST and LIVE Accounts. You will need to log into your   VSP Admin area and make sure that you have activated 3D Secure in your Protx settings.

Once confirmation has been received from the acquiring banks, we will configure your Protx account to use this service but will not activate it. This will be assigned to you to do when you are ready.


Activating your 3D Secure service

When Protx have confirmed your account has been set up with 3D Secure, you will be able to log into your VSP Admin area and turn the service on. You will see a 3D Secure section in your Account parameters area in your "Administration" section (see screenshot below).


      



You will be able to turn this service ON or OFF from here.

Once you have turned on 3D Secure in your Admin area you will be presented with a Rule Base section that allows you to manage your 3D Secure transactions, allowing you to choose what transactions to accept (see screenshot below).



      

What is a Rule Base?

A rule base allows you to tailor the way in which 3D Secure authentication responses are handled on your account with Protx.

When a rule base is set up on your account you will be rejecting transactions which do not pass your rule base. In this way you can prevent fraudulent transactions from being authorised.

The use of a rule base together with other fraud prevention procedures will enable you to greatly reduce the risk of fraud and therefore the number of chargebacks you receive.


What is a Protx 3D Secure Rule base?

A 3D Secure rule base is the ability to automatically decide which transaction you wish to process. You can actively reject transactions based on the 3D Secure results from Visa and MasterCard.

After the 3D Secure response has been returned to Protx, the response is checked against your Protx 3D Secure rule base. If the response is not allowed through your 3D Secure rule base, the transaction does not go any further and the shopper is taken back to the Protx card details entry screen to try again. They have 3 attempts to enter the correct information before our system archives this transaction as FAILED.


N.B: A 3D Secure rule base is applied before the transaction is sent to your acquiring bank for authorisation. This means that no money will be taken for a transaction which does not pass your 3D Secure rule base.

If you do not apply a 3D Secure Rule base, all transactions will be processed unless they FAIL to get a
3D Authentication by entering incorrect 3D Secure details.

If you want to stop transactions which return anything other than "The transaction FAILED
3D-Authentication" then you will need to set up a 3D Secure rule base.


How to set up a 3D Secure Rule base in VSP Admin:

Once you have received confirmation from Protx that 3D Secure has been set up on your Protx account, you are then able to activate this service and set up a 3D Secure rule base in VSP Admin.

Please follow the steps below to access and set up your 3D Secure Rulebase:

•   Log into your Protx VSP Admin Account and hover over the "Administration" button and   choose the 'Account Parameters' menu option.

You should see the following 3D Secure section:

•   Turn on 3D Secure by clicking the TURN ON button and the screen will look like this:

      

•   If you have 3D Secure switched on, you can add a rule base by entering the Price Start   and Price End values and ticking the boxes next to the rules you wish to allow for that   price range. When you are happy you should click the 'ADD' button to add your rule base   to your account.

Examples of Common Rule bases

Strict Rule base

This rule base will only allow a transaction to be authorised if the 3D Secure response returns as OK (Fully Authenticated). This is the best possible result for 3D Secure responses (see screenshot below).


      



If you apply a rule base as strict as this, you may well be declining genuine shoppers. For example, this rule would decline cardholders whose card is not part of the 3D Secure scheme.

N.B: £100,000.00 is the maximum our system will allow, so having £0 - £100,000.00 will cover all transactions.


Medium Rule base

A medium rule base is a good option for most vendors.

This rule base will only allow a transaction to be authorised if the 3D Secure response returns as OK (Fully Authenticated), the card is not part of the scheme, or the card issuer is not part of the scheme for a price range of £0 - £100,000.00 (see screenshot below).


      



If you apply this rule base you will allow most genuine shopper's transactions to authorise whilst preventing most fraudulent transactions on your account. You may want to consider combining this rule base with other manual checks or Preauth/Deferred transaction processing.

N.B: You are not restricted to one rule. You can apply as many rules as you see fit.

•   You could set a medium rule base for transactions of small value (£0 - £100.00) and set   a strict rule base for higher value transactions (£100.00 - £100,000.00)

Other Factors

When applying a 3D Secure rule base, you need to be aware that if you have applied an
AVS & CV2 rule base, your transactions could pass your 3D Secure rule base but fail your
AVS & CV2 rule base or vice versa.

In your VSP Admin reports, you will see your 3D Secure results listed. They are listed in your 'daily transaction list' and your 'transaction details' page. They are referenced by colour coded flags i.e. 

Transaction list

When you select the 'Transaction' button in your VSP Admin and choose the 'transaction list' option your reports will show you what the 3D Secure results were for your transactions in the '3D' column under 'Fraud Results'


                 


There will be either:

•   Green   - Successful 3D Authenticated
•   Yellow  - Not part of the scheme
•   Red      - Failed or Error

Transaction Detail page

By clicking on a 'VendorTxCode', you can view it in more detail:


                 


The Fraud Screening section will list all your fraud screening results as well as 3D Secure in more detail.

It will show the coloured flag and some text explaining the result.

3D Secure Results explained

When you have 3D Secure active on your Protx account, you will see the Visa and MasterCard responses clearly in your VSP Admin area in your transaction reports.

To determine which 3D Secure rule you should apply to allow each 3D Secure response, please refer to the table below. The table lists the VSP Admin 3D Secure indicator flag, VSP Admin 3D Secure Message, 3D Secure Status returned to your site, and the 3D Secure Rule you should use to allow a transaction with that 3D Secure response to continue authorisation with the bank.