Skip to content

3D Secure in America — the myths and realities that you need to know

Read “The State of Fraud” report

“The State of Fraud” report

Cover of the Signifyd State of Fraud 2023 report

With ecommerce fraud on the rise, U.S. merchants are hearing more about the liability shift provided by 3D Secure, the fraud protection protocol maintained by the major credit card neworks under the banner EMVCo. Despite the buzz, many might not completely understand how this technology deters ecommerce fraud, and they may be puzzled over the myths and realities surrounding the solution.

This guide will help you better understand this approach to fraud management and will, of course, explore the aforementioned myths and realities accompanying the 3D Secure in America chatter.

What are some common myths about 3DS in the United States?

Myth: 3DS is the only option for shifting liability

Reality: No doubt, 3DS’ liability shift — moving the cost of fraud from merchant to an issuer or fraud protection provider — is an attractive feature for merchants. But that benefit is not unique. A relatively new generation of fraud protection providers also offers a liability shift on approved orders that ultimately turn out to be fraudulent. While such providers are few in number, and the level of their protection varies, the top providers have offered liability shifts for years — the best offer liability shift without requiring consumers to overcome step-ups and challenges. Merchants should carefully consider all options in this space.

Myth: 3DS is only beneficial for high-fraud sectors

Reality: Some argue that 3DS is only necessary for sectors with traditionally high rates of fraud, such as luxury goods or electronics. In fact, 3DS is equally effective in all sectors and can reduce chargebacks across the board. The tendency in the U.S. is to lean toward using 3DS for the riskiest orders. Merchants balance the potential risk of cart abandonment with the reward of liability shift. When confronting orders they’re not willing to ship, some merchants will use 3DS review, reasoning that the order is a low-percentage order anyway, so if the buyer fails the challenges, they’re no worse off. If, on the other hand, the order is approved, the merchant has no worries that it will later come back as a chargeback.

Myth: 3DS and its liability shift are all the fraud protection you will need

Reality: 3DS is best viewed as part of a larger set of fraud protection solutions and strategies. Not only is 3DS something merchants want to be thoughtful about using so as not to risk challenging good customers, but it doesn’t protect merchants from every kind of chargeback. As fraud grows in sophistication, first-party fraud is a threat that is increasing faster than traditional payment fraud. First-party fraud is fraud committed by the rightful credit cardholder, such as claiming a package that did arrive never arrived or that a product that arrived was damaged when it was not. For many merchants, it’s important to have a fraud solution, such as Signifyd’s Commerce Protection Platform, that offers a financial guarantee on all manner of chargebacks, including first-party fraud and consumer abuse.

A chart showing that in many verticals friendly fraud outstripped payment fraud between Feb. 2023 and Jan. 2024

From Q1 2023 to Q1 2024 friendly fraud growth outstripped payment fraud

How does 3DS work in the United States?

The U.S. credit card market is one of the largest and most diverse in the world, with a significant volume of both online and offline credit card transactions. The adoption of 3DS in the U.S. has been influenced by the need to secure a growing volume of ecommerce transactions against an increasing rate of online fraud. That said, 3DS adoption has grown slowly in the U.S., perhaps because of its potential to introduce additional friction into the buying journey. 

As any merchant knows, online fraud constitutes a serious line item expense on the profit-and-loss ledger. With credit card dumps on the so-called dark web available to anyone with enough cryptocurrency, U.S. merchants need a better way to validate online transactions.

3DS is not required in the United States

Unlike the European Union, where strong customer authentication (SCA) requirements under the PSD2 directive mandate the use of technologies like 3D Secure for enhancing security in electronic payments, the U.S. does not have a similar overarching federal regulation mandating the use of 3DS. This has led to a more voluntary adoption path driven primarily by the benefits of fraud reduction and lower chargeback rates rather than compliance pressures. Merchants have been slow to adopt 3DS in the U.S., perhaps because of the availability of advanced solutions that provide a liability shift. 

Key takeaways for merchants

Merchants in the United States have the option of adding 3D Secure to their payment stacks to help reduce fraudulent transactions and chargebacks. The solution is one way to benefit from a liability shift in card-not-present transactions and it provides a data-exchange feature that can be helpful in determining whether the rightful cardholder is adding a card to an existing account. 

The improvements found in the newest versions of 3D Secure make it a helpful complement to the tools and strategies merchants deploy to enhance their revenue and protect their businesses. 

Photo by Getty Images




Signifyd, the leading commerce protection provider to Digital Commerce 360's top 1,000 merchants, provides an end-to-end Commerce Protection Platform that leverages its Commerce Network to maximize conversion, automate customer experience and eliminate fraud and customer abuse for retailers.