UK Merchant Options For Integrating 3D Secure Payments
To protect yourself from taking fake payments credit card providers and banks have developed 3D secure to try and combat internet fraud.
But surprisingly, few payment gateways support it, and I've researched and compiled a list which I'll update as each payment provider makes it available.
I've also added 3D secure support to the payment gateway provider comparison chart.
These are the UK payment gateways that process 3d Secure payments through cloud-based shopping carts:
Cardstream has a shopping cart plugin developed for Lemonstand which is licensed under GPL. Details here.
Shopify has a plug in developed for Cardstream. Details here.
See the Cardstream Review
Sagepay has a shopping cart plugin developed for Lemonstand. Details here.
Shopify has a plugin developed for Sagepay. Details here.
See the Sagepay Review
Shopify can process 3D secure payments through Worldpay (offsite). Details here.
See the Worldpay review
If you use Website Payments Pro, then you can take 3D secure payments via Paypal. Using Paypal means you can integrate with any cloud-based shopping cart platform, but it's an expensive way of doing business. Please read the post on transaction charges before you decide that Paypal is a good option for you.
Lemonstand makes it very easy to integrate third party shopping cart solutions, but Worldpay is not yet supported. It should take an experienced developer between 8-16 hours to get this job done.
Stripe is currently beta testing 3D Secure.
What Is 3D Secure?
If you've done any online shopping in the UK recently the chances are you've run into 3D secure fraud prevention. It is an additional level of credit card security that allows the consumer to associate a password with their credit card for purchases online.
3D secure is a fraud prevention technique initiated by Visa/Mastercard so it currently only supports those credit and bank cards.
Why Use it?
There is no extra cost involved in using 3D secure.
On the face of it implementing 3D secure should mean that your transactions are more secure and you will be less exposed to the dreaded credit card "chargeback".
However, because you are introducing another level of password security, the tradeoff is that you'll have an increase in the number of abandoned shopping cart sessions because users who can't remember their password will leave. Also, the process is open to Phishing attacks because you can reset the password by knowing the user's Date Of Birth (DOB) which are publicly available records.
The other problem with 3D Secure is that the inline frames used by the authentication process often do not display or render correctly on mobile devices and there is a good argument for using credit card payment gateways that do not use the authentication process or disable it.
Until there is 100% acceptance of all bank and credit cards for a unified stance on 3D secure or an alternative protection system, it is questionable whether adhering to the standard benefits you as a merchant.
While I have pointed out in my guide to transaction charges that Paypal can prove to be a costly way of doing business, their verification system whereby they make a dummy low-value transaction against the card holders card is a secure way of proving that the card belongs to the cardholder.
Although it is no guarantee that the transaction taking place has not been hijacked by an unauthorised person, combined with 3D secure, it is the best protection against online shopping fraud you can currently get.
My advice is to implement 3D secure and test and measure your abandoned cart rate against having it turned off which you can easily do in the payment provider control panel. Only this way will you know the real cost of implementing a fraud protection feature that is not a universal standard.