Credit and debit cards debuted close to 100 years ago, and are still essential payment methods worldwide. What’s more, transactions which don’t require a card to be present are more common than ever. Think contactless and online payments.

Therefore, the need to secure transactions is absolutely crucial.

Fortunately, businesses realised this early on. It led to the creation of Three-Domain Secure, better known as 3D Secure, in 1999. This security protocol safeguards online credit/debit card transactions by essentially requiring customers to verify that they’re the ones transacting and not anyone else.

In this article, we’ll cover the origins of 3D Secure, what limitations the first version had, and how it evolved to become the EMV 3D Secure (3DS2) we know today.

Beginnings of 3D Secure

3D Secure’s development dates back to 1999 before being launched in 2001 by Arcot Systems and Visa. The security protocol was initially branded as ‘Verified by Visa’, aiming to reduce credit and debit card fraud.

It did this by requiring card owners to provide an additional layer of authentication whenever they made online card-not-present (CNP) transactions.

Subsequently, other payment card companies implemented similar solutions. These include Mastercard’s ‘SecureCode’, American Express’ ‘SafeKey’, and JCB’s ‘J/Secure’.

However, the first iteration of 3D Secure had its flaws.

Limitations of 3D Secure 1.0

3D Secure was groundbreaking when it launched, but it had three notable shortcomings:

1. User experience difficulties

The reliance on static passwords meant that card owners often forgot their credentials. This led to transaction failures and cart abandonments. Businesses lost out on sales because of something they could not control.

2. Mobile compatibility issues

As e-commerce on mobile devices surged, 3D Secure 1.0 struggled to provide a seamless authentication experience when folks transact on the go. It had to evolve to keep up with changing trends and continue preventing fraud efficiently.

3. Security concerns

3D Secure’s design made it weak to phishing attacks. That’s because customers who were transacting online were redirected to unfamiliar pages for authentication. It was tough for them to verify if the page was legitimate or a scam.

Worse still, many individuals would implicitly trust these pages as they believed they were on an authentic website to verify their transaction.

Evolving to EMV 3D Secure 2.0

EMVCO, a consortium of major payment card companies, recognised that 3D Secure had to improve. In 2016, it introduced EMV 3D Secure 2.0 (3DS2), improving on its predecessor by:

• Enhancing the user experience: 3DS2 supported biometric authentication and one-time passwords, making checkout easier.
• Improving mobile integration: 3DS2 was designed with mobile devices in mind, ensuring smooth authentication for everyone.
• Implementing risk-based authentication: 3DS2 can determine how risky a transaction is and select the right authentication method. Therefore, low-risk transactions would be as seamless as possible.

Since then, the EMV 3D Secure protocol has evolved through multiple versions to address emerging security challenges and improve the user experience. Each version introduced enhancements like better risk assessment, reduced friction, and support for modern payment methods, ensuring secure and seamless digital transactions:

• 2016: 3DS 2.0: Initial release focusing on multi-device compatibility and data-sharing for frictionless authentication.
• 2017: 3DS 2.1: Enhanced flexibility for merchants and issuers.
• 2018: 3DS 2.2: Introduced exemptions for PSD2 SCA, out-of-band authentication, and new messaging protocols.
• 2023: 3DS 2.3.1.1: Latest version focusing on enhanced fraud prevention, expanded device coverage, and further reductions in user flow friction.

What’s new in EMV 3D Secure 2.3.1.1

EMV 3D Secure 2.3.1.1 is the latest version of 3D Secure. Here’s how it improved on previous versions’ features:

1. Device binding

Users can now register their devices, enabling quicker authentication for future purchases. This is important for transactions which need to be completed quickly, or payments which are made frequently.

2. Expanded data sharing

With EMV 3D Secure 2.3.1.1, card issuers receive more transaction data. Therefore, they can assess risk quicker and more accurately. This allows companies to determine when bad actors are up to no good even faster.

3. An intuitive user interface

For people who aren’t tech savvy or are just in a hurry, EMV 3D Secure 2.3.1.1’s easy-to-understand user interface makes the whole authentication process swifter.

Summarising 3D Secure’s history

From being developed in 1999 to evolving to EMV 3D Secure 2.3.1.1 in 2022, the 3D Secure protocol has consistently risen to the challenges posed by the rapidly growing digital payments landscape throughout the years.

As e-commerce continues to flourish, so does the sophistication of fraudsters. 3D Secure has ably tackled this by incorporating the latest technology whenever the opportunity arose. It remains a cornerstone in ensuring a secure and seamless online transaction experience, and there’s little doubt it’ll continue to do so for decades to come.

Take your business further in Southeast Asia

Discover the latest payment insights and e-commerce trends in Southeast Asia with the 2025 edition of our IDC InfoBrief, commissioned in partnership with Antom. Download the full report and explore how you can expand your business in this unique region.

Looking for tailored solutions to streamline your company’s payments and give it the edge it needs? Chat with our friendly team today.