3D Secure (3DS) is an extra security step used for some online card payments. If a checkout asks a customer to confirm a purchase in their banking app, enter a one-time code, or approve a prompt, that extra step is usually 3D Secure.
Businesses use 3DS for one main reason- it can reduce certain types of fraud and chargebacks. The concern is also valid if you add extra steps at checkout; some customers will drop off. But it is important to know when to use it, and how to use it without hurting sales.
What 3D Secure actually does
3D Secure is a way for the cardholder’s bank to confirm the customer is real before approving an online transaction. Instead of only relying on card details, it adds a layer of authentication. That authentication might be:
- a bank app approval
- a one-time passcode (OTP)
- biometrics (Face ID/fingerprint)
- a “frictionless” approval where the bank approves silently in the background
That last one matters. Modern 3D Secure (often called 3DS2) doesn’t always mean a customer sees a challenge. Many transactions can be approved without visible steps if the risk looks low.
Does 3D Secure reduce fraud?
It can reduce unauthorised card fraud, especially in cases where someone uses stolen card details online. When a transaction is authenticated through 3DS, the bank is more confident that the real cardholder is involved.
It can also help reduce certain chargebacks, because authentication provides stronger evidence that the cardholder approved the transaction.
But it doesn’t solve everything, and it won’t be able to stop:
- friendly fraud (customers disputing legitimate purchases)
- refund abuse
- “item not received” disputes
- account takeover disputes when the bank still believes the user was authenticated
So yes, 3DS can reduce fraud, but mainly in the “stolen card details” category.
Does 3D Secure hurt conversion?
It can hurt conversion if the business does not know when to use it. If you force 3DS on every transaction, you’re adding friction to customers who would have paid without issues. Some will drop off simply because:
- they don’t have their phone nearby
- the bank’s authentication flow is slow
- the challenge fails or times out
- they don’t understand what’s happening and don’t trust it
That said, 3DS2 can be much lighter than older versions. Many approvals happen in the background, which means customers never see an extra step.
So, 3DS can hurt conversion when it’s applied broadly or poorly.
The best way to use 3D Secure for online businesses
The practical approach is risk-based 3DS (sometimes called “dynamic 3DS”):
- Low-risk orders: don’t challenge; keep checkout fast
- Medium-risk orders: trigger 3DS to confirm the buyer
- High-risk orders: challenge or decline based on your risk rules
This gives you protection where it matters while keeping good customers moving.
Common signals that may justify 3DS:
- unusually high order value
- mismatch between billing and shipping
- IP location doesn’t match the address
- new customer, rush shipping
- multiple payment attempts / unusual velocity
- digital goods or instant fulfillment
So, you should use 3DS as a tool for suspicious situations, not a blanket policy.
What businesses should check before turning on 3DS
Before enabling 3DS widely, make sure you can answer these questions:
- Are you trying to reduce the right kind of chargebacks?
3DS is most helpful for “unauthorized transaction” disputes. If your chargebacks are mostly “item not received” or “not as described,” 3DS won’t fix the root cause.
- What does your fraud rate look like versus your decline rate?
Some businesses try to lower fraud but accidentally increase declines and false declines. If approvals drop, your “fraud improvement” may cost you more in lost sales than it saves.
- Do you have a way to measure impact?
Track:
- conversion rate (overall and by traffic source)
- approval rate
- chargeback rate (especially unauthorized reason codes)
- 3DS challenge rate (how often customers see friction)
- abandonment at the 3DS step
These metrics tell you if 3DS is helping or hurting.
When 3DS makes the most sense
3DS is especially useful when your business:
- sells higher-risk products (digital goods, tickets, gift cards)
- sees consistent stolen-card fraud attempts
- runs paid traffic in channels that attract fraudsters
- ships to addresses where fraud rates are higher
- has higher-than-normal “unauthorized” chargebacks
In these cases, risk-based 3DS can reduce losses and protect your merchant account without destroying conversion.
When 3DS is not the right lever
If your issues are mostly friendly fraud or customer confusion, focus first on:
- clear billing descriptors and receipts
- fast support and self-serve refunds
- strong delivery confirmation and tracking
- better cancellation and return clarity
That’s what reduces disputes that come from misunderstanding, not stolen cards.
Conclusion
3D Secure is an extra authentication step for online card payments. It can reduce unauthorised card fraud and certain chargebacks, but it can also add friction at checkout. The best approach for most online businesses is not “turn it on for everything,” but to use it selectively for higher-risk orders.
Used well, 3DS can protect revenue without hurting conversion. Used blindly, it can slow down checkout and cost you sales. The goal is simple: keep checkout fast for good customers, and add verification only when the risk is real.
