3D Secure (3DS) is an authentication protocol designed to reduce fraud in card-not-present transactions — that is, online and phone payments where the physical card is not swiped or tapped. Originally introduced by Visa under the brand name “Verified by Visa,” and adopted by Mastercard as “Mastercard SecureCode,” the protocol adds an extra verification step between the cardholder and their issuing bank during checkout. The “3D” refers to the three domains involved: the merchant (acquirer domain), the card network (interoperability domain), and the issuing bank (issuer domain).
The current version, 3D Secure 2 (3DS2), represents a significant improvement over the original. Where 3DS1 typically redirected the customer to a separate bank page to enter a static password — causing high cart abandonment — 3DS2 uses a risk-based approach. It passes over 100 data points to the issuing bank, including device fingerprint, transaction history, and shipping address. If the bank considers the transaction low-risk, the authentication happens silently in the background with no customer interaction at all. This “frictionless flow” can approve transactions in under a second. Only higher-risk transactions trigger a challenge, which now usually takes the form of a one-time passcode sent via SMS or a push notification to the customer’s banking app.
Beyond fraud prevention, 3D Secure has a critical business implication: liability shift. When a transaction is successfully authenticated via 3DS, liability for fraudulent chargebacks shifts from the merchant to the card-issuing bank. This means the merchant is protected from losses on authenticated transactions that later turn out to be fraudulent. In the European Economic Area, 3DS2 is also a primary mechanism for meeting Strong Customer Authentication (SCA) requirements under PSD2, making it not just beneficial but legally required for most online card payments in that region.
Shuttle Global supports 3D Secure across its payment products, handling the protocol complexity so platforms do not have to build and maintain their own 3DS integration. Through Embedded Payments, Shuttle manages the 3DS2 authentication flow within the checkout experience — initiating the challenge when required by the issuer and processing the frictionless flow when conditions allow. Because Shuttle connects to over 40 PSPs, it normalises the differences in how each processor implements 3DS2, giving platforms a single consistent integration regardless of which acquirer sits behind the transaction. For Payment Links, the 3DS flow is handled entirely within Shuttle’s hosted checkout page. This means platforms gain the fraud protection and liability shift benefits of 3D Secure without adding any authentication logic to their own codebase.