The Perils of 3D Secure

Some notes and links about implementing 3D Secure.

Not Secure

It has been found that the system is not secure and reported many issues with the authentication process.

Study by Cambridge University:

a textbook example of how not to design an authentication protocol. It ignores good design principles and has significant vulnerabilities, some of which are already being exploited.

Development Time

There does not seem to be a suitable solution to the problem. Our current platform has not found a solution and moving platforms could take a couple of weeks - if not more - of our time.

Shopify - lead developers of our online transaction plugin:

It will be ready when it will be ready’: this is what I was told a few days ago when I asked the developers

Developers are very much aware that a deadline is around the corner.

Some forks of the plugin we use appear to have been updated with support for 3D Secure, but none offer documentation or proven success record. Using a different version may also conflict with the existing functions.

Other companies refusing to comply with 3D Secure

Amazon: No 3D secure does not currently support the Verified by Visa program. You can still use your Visa credit card as payment for an order, but you won’t be asked to enter your Verified by Visa password.

Google Checkout: Removal of Maestro payment method

Relatively Low Chargebacks

We have only had around 7 chargebacks costing £39 each since the apparent move over in November 2009. - Alex (Finance)

Loss of Customers

Since introducing 3D secure authentication on to their website, different shops have reported a loss of payments due to the ‘hassle’ that is involved.

After introducing the Verified by Visa scheme to the site, he experienced an immediate 6% drop in conversion rates

One case of 60% losses:

It was when the customer was in the payment processing page they the sale.

Banks Moving to Visa


We are replacing our existing Maestro, Solo and Cirrus debit cards with Visa Debit cards


We are replacing our existing Maestro, Solo and Cirrus debit cards with Visa Debit cards

Ulster Bank

Starting in Autumn 2009 and continuing throughout 2010, we are changing all of our Maestro and Solo cards to Visa Debit cards.