What is 3D secure on a bank card, how to activate/deactivate the service and how to use it

[CarderPlanet]

To prevent attackers from using the lost owner card, the 3D Secure function was invented. What it is, how to connect it and how to use it - all this will be discussed further.

Contents

• 1 What is 3D secure in simple words
  • 1.1 Why 3D
  • 1.2 How the protocol works
• 2 How to connect 3D Secure
  • 2.1 By contacting the office of the local branch of the bank
  • 2.2 By phone
  • 2.3 Via ATM
  • 2.4 Through online banking
• 3 Disable 3D Secure
• 4 How can the user know about connecting the card to the 3D Secure protection technology
• 5 Cards with 3D-Secure
• 6 Interesting Facts About Safety
• 7 Advantages and disadvantages of the system
• 8 How to avoid fraudsters and bypass the security system
• 9 Payment with 3D Secure (detailed instructions)
• 10 Question - answer

What is 3D secure in simple words
For the safety of cardholders, the following protection levels have been introduced:

• CVV code. Located on the back of the card. Designed to confirm the authenticity of cards when making a purchase or withdrawing money.
• Name cards. Such a card differs from an unnamed card in that it has the owner's name and surname on the front side. Using it, it will be more difficult for an attacker to pay for goods at retail outlets, since the seller may demand to present a passport.
• Pin codes. Such a code is invented by the owner himself during the first use of the card. Protects against the withdrawal of money from the card by intruders, for example, if it has been lost.
• 3D-Secure is a technology that increases the security of making payments when shopping online.

3D Secure is a two-factor authentication for authorizing the cardholder when making a payment. In simple words, 3D Secure is a code that is sent to the cardholder on the phone when paying for goods. With this password, the user confirms that it is he and no one else who makes the payment.

The technology is based on the Extensible Markup Language Protocol. It is used to protect online payments from debit and credit cards.

It does not protect the monetary resources on the card, like a pin code entered when withdrawing money from an ATM. Also, the technology should not be confused with the CVV-code on the back of the card.

Why 3D
3D-Secure does not mean that payments are made in some kind of three-dimensional space. This term comes from the common abbreviated name of three systems or domains (English "3 D" - Three Domains, which translates as "Three Domains"), which are involved in the exchange of money and provide protection of their transfer from the owner to the seller. They are:

1. Acquirer's domain - the system of the merchant or bank where the money is received;
2. Issuer domain - the system that issued the card to the user making the payment;
3. The system through which the payment passes, or the domain of compatibility. It is provided by Mastercard or Visa systems that support 3D-Secure technology.

If the technology is connected to its holder's card, then it is impossible to make a payment without the latter's knowledge.

Video: 3D Secure: How Does It Work? (scheme of work and comments of a specialist)

How the protocol works
The operation of the 3D Secure protocol is to redirect the user to the page of the issuing bank, that is, the bank that issued the card. On this page, the user will have to enter a one-time code in a special field. A one-time password is sent via SMS to the phone number linked to the owner's card.

The protocol will be activated only if the service is activated.

How to connect 3D Secure
The feature is free. If the user has not connected this service, then he can activate it in one of the following ways:

• at the bank office;
• by phone;
• through an ATM;
• through online banking.

Examples of banks that connect cards to 3D Secure:

Name of the bank	Connection	Connection cost	Monthly commission
Sberbank	Automatic, upon receipt of the card	Is free	Not
Tinkoff	Automatic, upon receipt of the card	Is free	Not
VTB 24	According to the owner, through online banking	Is free	No, a one-time fee will be charged for incoming SMS from the phone balance

By contacting the office of the local branch of the bank
The activation of this service is free of charge. The cardholder needs to do the following:

• Come to the bank with your passport and card.
• Write a connection statement. An employee will issue a form to fill out.
• Activation will take place after the first payment is made.

By phone
You can activate the service by phone without leaving your home. For example, for bank:

• Send the Word "Full" in SMS to number 900.
• Wait for a message with a dynamic code (one-time password) of four digits.
• Enter these numbers in the reply message and send again to 900.
• Wait for SMS with confirmation of connection.
• Now you can safely pay for services and goods on the Internet.

ATM
To connect through an ATM, the user will need to call the bank and find out if his card has a 3D function. If the answer is yes, then the owner can safely go to the nearest ATM and activate the service.

• Insert the card into the ATM of the exact financial institution that issued it.
• Click on the "Other operations" item.
• Find and select "3D Secure".
• Enter the mobile number linked to the card.

Now dynamic codes for payments via 3D Secure technology will be sent to the phone when making a payment.

Online banking
You can connect the service in the personal account of Sberbank or any bank that supports the technology. It will be shown using the example of Sberbank:

1. Open the main page of the bank and enter your personal account.

2. Click on the "Cards" tab.

3. Select "3D Secure Connection" in the drop-down menu.

Disable 3D Secure
In general, it is undesirable to disable this function if it was connected, because then the cardholder will not be able to pay for a product or service in an online store equipped with this protection.

Reasons why the owner might need to disable protection:

• moving to another country;
• change of phone number;
• the need to make a purchase in those stores where 3D Secure is not supported.

In such situations, banks can help the user as follows:

• For example, Alfa-Bank makes it possible to change the number to a foreign one, if it is more convenient for the client, without disabling protection.
• If the user still insists on disconnecting, then he can contact the bank with a written statement (if the financial institution does not support the service of disabling the protection function in the user's personal account).
• Bank online banking provides a service to disable the function. To do this, the user must go to the "Cards" tab in his personal account. In the list that opens, under the "Connect 3D Secure" item, the "Disable 3D Secure" item will be located. Click on it.

How can a user learn about connecting a card to 3D Secure protection technology
Not all banks use this technology, as maintenance of this function is expensive. Financial institutions that have been operating for more than 10 years and have a developed retail network (Sberbank, Alfa-Bank, VTB and other well-known banks) regularly integrate it into issued cards by default.

Connection to it is carried out immediately after receipt and activation. According to international regulations, Visa and Mastercard are provided with the service by default.

To find out whether this function is present on the user's card or not, the owner can in two ways:

• make a purchase in an online store. If SMS with a dynamic code did not arrive at the phone number, then this means that the service is not connected. For example, Alfa-Bank enables this function by default only for certain types of payments. Therefore, in order to use the full capabilities of the service, it is recommended to inquire about the availability of technology in the second way;
• contact the employees of the bank where the card was issued.

Interesting facts about safety
An online store that does not support the 3D Secure standard is not responsible for the security of the payment. Therefore, the responsibility falls on the bank that issued the card.

However, if the user has confirmed the payment with a dynamic code received in the SMS, all responsibility is shifted to the owner. If the card and password are still in the hands of a fraudster, the rightful owner will not be able to prove that he did not make the payment.

All dynamic passwords that come via SMS when making a payment, after being entered in the appropriate field and payment become invalid. They also have a limited duration, usually 5 minutes. These codes should not be disclosed to third parties.

For example, a cardholder receives a message to his mailbox with a proposal to follow the link and take some winnings. In this case, he must enter his card details, ostensibly to receive money. This is not worth doing, since the computer program reads the information of the user's card, and then uses it for its own purposes.

It is not recommended to pay for online purchases in public places. Unscrupulous people can work in video surveillance and monitor the information entered by the card holder.

Advantages and disadvantages of the system
The benefits include:

• Receiving a new code in SMS with every purchase or payment. You don't need to keep passwords in your head and change them once a month.
• Simplicity of the procedure.
• Safety. Only the cardholder has access to the phone. If it is stolen, then the fraudster will also need a card.

Flaws:

• In case of poor connection or in its complete absence, SMS codes may not come to the phone. How to solve the problem if the user did not wait for the dynamic password to arrive will be discussed in the "Answers to questions" section.
• The ability to steal a code from a computer. The operating systems through which the payment is made are susceptible to infection by viruses. The latter are able to analyze codes and send them to attackers.

How to avoid fraudsters and bypass security systems
The cardholder can protect himself from fraudulent activities in the following ways:

• regularly update the anti-virus database and use only licensed anti-virus on the computer or smartphone from which payments are made;
• not to buy anything on unknown or unfamiliar sites;
• carefully read the text that came in the SMS along with the dynamic code;
• it is advisable to set a daily limit for withdrawing money from the card. This will protect the owner from losing the entire amount in the event of an attack by intruders;
• and the rarest, but still found move from the thieves of electronic money is the reissue of the SIM card. Therefore, if the owner's phone stopped catching the network even in those areas where it always caught it well, the cardholder will need to contact the bank as soon as possible to block the account and to his provider to change the number.

Payment with 3D Secure (detailed instructions)
You can make a payment in stores where this security system is provided as follows. These online stores are marked with special logos:

Suppose a cardholder wants to buy a bag from an online store.

1. He selects a product and goes to the checkout page.

2. Enters information from his card to make a payment.

3. The user will be redirected to a page to enter a special code. The page contains brief information, a window for entering a dynamic code and the logo of the issuing bank.

4. Now the cardholder has to enter a one-time code, which will be sent to the phone number associated with the card.

If the dynamic code received on the phone matches the one entered by the user, the payment will be processed and the specified amount will be withdrawn from the card.

Dynamic code should not be shown to third parties. You need to enter it to the person to whom it came to the phone. An SMS with a code will warn you about this.

Question answer

What are the benefits of this feature for online stores and sellers?

Activating this service gives them protection against fraud. Fraud is a type of fraud. It consists in demanding a refund after payment and receipt of the goods. An attacker pretending to be the owner of the card justifies this by the fact that he did not consent to payment.

Is it allowed and safe to buy in stores without 3D Secure?

Many online marketplaces, such as AliExpress, do not support such a function and sell without problems; they are also in demand. The bank will carry out the operation in any case, even if the data was stolen by a virus and entered by a fraudster. When a cardholder buys a product, he already knows what he is buying himself. Therefore, the answer is yes, but in any case, you have to rely on your or someone else's experience, if you do not have your own, and do not make purchases on very suspicious sites.

What if the one-time code did not come?

Click on the button "Send the code again". But before doing this, make sure that:

• the smartphone is turned on, the connection is not blocked, the cellular tariff has been paid for and is valid;
• the tariff plan assumes receiving SMS if the user is abroad;
• the user is in the reception area of the provider's network;
• the phone is linked to the card.

What to do if 3D Secure authorization error occurs?

There are two reasons for the 3D Secure authorization error.

1. Invalid code entered. It is necessary to double-check the code in SMS and enter it correctly.
2. The code has timed out. A dynamic password received via SMS is valid for 5 minutes. If more time has passed, you should request a re-sending of the code.

After this error, it is advisable to re-enter the browser and make the payment again.

Can I opt out of the 3D Secure service?

This service is required. Many shops will not work with cards that do not have this security feature enabled.