3-Domain Security - is a new method of security mandated by the Card Associations to enhance the security of online transactions. Mastercard's product is called "SecureCode" and Visa's product is called "Verified by Visa".
The 3D-Secure refers to three domains involved in securing the payment. They are
- the Acquiring or Merchant's bank
- the Card Association's financial networks ie Mastercard and Visa
- the Issuing or Cardholder's bank.
Simply put, the system authenticates the cardholder before the transaction takes place by diverting the browser to the bank that issued the card, who then requests some secret, perhaps a pin, from their cardholder that will conclusively prove that this actually is the cardholder entitled to use this card. Once they are satisfied that this is their cardholder they issue an authentication receipt which is then presented to the merchant's bank along with the authorization request.
If the transaction is then approved by the issuing bank they may not charge the transaction back to the merchant because the cardholder disputes the transaction as not being originated by them.
Virtual Card Services, MyGate, and Setcom are amongst the Payment Gateways that are compliant.