3-D Secure is a protocol designed to be an additional security layer for online credit and debit card transactions. The name refers to the "three domains" which interact using the protocol: the merchant/acquirer domain, the issuer domain, and the interoperability domain.[1]
Originally developed in the autumn of 1999 by Celo Communications AB (which was acquired by Gemplus Associates and integrated into Gemplus, Gemalto and now Thales Group) for Visa Inc. in a project named "p42" ("p" from Pole vault as the project was a big challenge and "42" as the answer from the book The Hitchhiker's Guide to the Galaxy). A new updated version was developed by Gemplus between 2000-2001.
In 2001 Arcot Systems (now CA Technologies) and Visa Inc.[2] with the intention of improving the security of Internet payments, and offered to customers under the Verified by Visa brand (later rebranded as Visa Secure). Services based on the protocol have also been adopted by Mastercard as SecureCode (later rebranded as Identity Check), by Discover as ProtectBuy,[3] by JCB International as J/Secure, and by American Express as American Express SafeKey.[4] Later revisions of the protocol have been produced by EMVCo under the name EMV 3-D Secure. Version 2 of the protocol was published in 2016 with the aim of complying with new EU authentication requirements and resolving some of the short-comings of the original protocol.[5]
Analysis of the first version of the protocol by academia has shown it to have many security issues that affect the consumer, including a greater surface area for phishing and a shift of liability in the case of fraudulent payments.[6]
paymentssource was invoked but never defined (see the help page).hownot was invoked but never defined (see the help page).