Introduction
3D Secure is the new protocol being developed by the main players in the credit card payments business; its purpose is to provide a more robust level of security by verifying the identity of a card holder. This will be achieved by prompting the card holder to provide a password during the card verification process, thereby introducing a 'personal' element of security.
3D Secure will effectively deal with many forms of Card Not Present (CNP) fraud. So what could be possibly wrong with it?
If everyone were singing from the same hymn sheet then it would be a great idea. As things stand right now, however, it appears that the choreography that one might hope for in a project like this simply is not present. MasterCard estimates that we are a year away from complete coverage. Many companies that are supposed to be implementing it are dithering for one reason or another. Sometimes the hesitation is for business process reasons, but mostly it is because the latter arrivals to the table can benefit from the hard lessons learned by the early adopters.
Paul Baker of Master Card gave us a clear update on the status of SecureCode, the Master Card version of 3DSecure:
'With over 40,000 merchants live in Europe and some 11.8m cardholders live and participating in SecureCode at the end of 2005 MasterCard believes that adoption has been very positive. Further merchants and cardholders will go live as the UK Debit market adopts SecureCode for its Maestro card base. MasterCard undertook extensive advertising of SecureCode in the UK in last quarter 2005 with significant increase in awareness and cardholder adoption experienced. MasterCard will continue to actively progress SecureCode adoption in support of both Credit and Debit products in 2006'.
Let's take a look at the 3D Secure landscape to get a handle on the key concepts.