
3D Secure and SCA explained for online merchants

Elvis Sinijs
  • 6 min read

  • Updated: April 23, 2026


Do you run an e-commerce business? Have you ever faced a single chargeback that ruined your day? A customer claims they never made the purchase. The money and the items are gone. And unless you have the right protection in place, you simply have to absorb the loss.

According to Mastercard, on average, organizations in the payment industry lost $60 million in annual revenue due to payment fraud over the past 12 months.

According to Juniper Research, global e-commerce fraud losses exceeded $48 billion in 2023, and cumulative online payment fraud losses are expected to exceed $362 billion between 2023 and 2028.

Many antifraud protection methods that worked a decade ago simply do not cut it anymore. That is precisely why 3D Secure / 3DS and Strong Customer Authentication are now essential for online merchants, especially for card payments in markets where PSD2 SCA rules apply.

What is Strong Customer Authentication (SCA)?

Strong Customer Authentication, or SCA, is a regulatory requirement introduced under PSD2, the revised European Payment Services Directive.

The core idea is simple enough: for in-scope electronic payments, unless an exemption applies, the person making it has to prove they are actually who they say they are. And using just one authentication element is no longer sufficient.

Under SCA rules, a payment must be verified using at least two out of three independent authentication elements:

  • Something the customer knows – a password, a PIN, a passphrase they set up with their bank.

  • Something the customer has – their phone receiving a one-time code or a hardware authentication token.

  • Something the customer is – a fingerprint, face scan, any biometric identifier that is unique to them.

The logic here is layered security. Even if a fraudster somehow obtains someone’s card number and password, they still cannot complete a purchase without also controlling the customer’s phone or passing a biometric check.

For online merchants, this can mean fewer fraudulent transactions slipping through and, in some cases, a liability shift on eligible authenticated card transactions. For customers, it means far greater confidence in shopping online.

According to Visa Secure data, authenticated transactions show approximately a 45% reduction in fraud compared to non-authenticated e-commerce transactions.


What is 3D Secure (3DS)?

If SCA is the regulatory requirement in Europe, 3D Secure is one of the main technologies used to support it for online card payments. 3D Secure is an authentication protocol designed to verify a cardholder’s identity during online card transactions.

Side note: 3D Secure has effectively become a generic term. Visa originally developed it and named it 3D Secure / 3DS; Visa's version is now called Visa Secure, while other companies have their own 3D Secure / 3DS technology under different names (Mastercard Identity Check, Amex SafeKey, J/Secure, ProtectBuy, UnionPay 3-D Secure, etc.).

The “3D” refers to the three domains involved in every verification: the merchant, the card issuer (the customer’s bank), and the card network infrastructure (such as Visa or Mastercard).

When a customer checks out on your website, 3DS triggers a behind-the-scenes conversation between your payment system and the customer’s bank. The bank assesses the transaction and, when needed, asks the customer to verify their identity before approving the payment.

The evolution to 3D Secure 2.0

The original version of 3D Secure / 3DS, which many people still remember as that redirect to a separate page with a pop-up window, was not exactly a user-friendly experience. It worked, but the friction it introduced was real and measurable.

Customers abandoned carts. Conversion rates dropped. Merchants used it nonetheless, because the alternative (no authentication at all) was worse.

3DS2 changed that substantially. Instead of asking the customer to prove their identity right away, it first sends contextual data to the card issuer: device information, IP address, transaction history, and behavioral patterns. The issuer runs a risk assessment in the background. If the transaction looks normal – the customer is on their usual device, buying a plausible amount, from a merchant they have used before – the payment goes through without any interruption.

The authentication step typically appears only when the transaction is deemed high risk.
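The frictionless and challenge paths described above, seen from the merchant's side, as an added example that is not Genome's or any card network's code. The transStatus codes come from the EMV 3-D Secure specification rather than from this article; the function names, action labels and sample messages are constructed, and the handling of "U" is one assumed merchant policy.

```python
# Added example. transStatus codes follow the EMV 3-D Secure specification;
# function names, action labels and sample messages are constructed.
AUTHORIZE = "authorize"                  # send to authorization with 3DS data
CHALLENGE = "present_challenge"          # show issuer challenge, await result
STOP = "do_not_authorize"                # authentication failed or was rejected
RETRY = "retry_authentication"           # no result; authorizing risks a soft decline
AUTHORIZE_UNAUTH = "authorize_unauthenticated"

_ACTIONS = {
    "Y": AUTHORIZE,   # authenticated, frictionless or after a challenge
    "A": AUTHORIZE,   # attempt processed, issuer returned proof of attempt
    "C": CHALLENGE,   # issuer wants the cardholder challenged
    "D": CHALLENGE,   # decoupled challenge, outside the checkout session
    "N": STOP,        # not authenticated
    "R": STOP,        # issuer rejected, asks that authorization not be attempted
}

def next_action(auth_response, sca_in_scope=True):
    """Map one 3DS2 authentication response to the merchant's next step."""
    status = auth_response.get("transStatus")
    if status == "U":  # authentication could not be performed
        # Assumed policy: retry when SCA applies, otherwise proceed without 3DS.
        return RETRY if sca_in_scope else AUTHORIZE_UNAUTH
    # Missing or unrecognised status: fail closed rather than authorize.
    return _ACTIONS.get(status, STOP)

def run_checkout(first_response, challenge_result=None, sca_in_scope=True):
    """Follow one payment through the frictionless or the challenge path."""
    action = next_action(first_response, sca_in_scope)
    if action != CHALLENGE:
        return action
    if challenge_result is None:
        return CHALLENGE  # still waiting for the cardholder
    final = next_action(challenge_result, sca_in_scope)
    # A completed challenge must end in a final status, never another challenge.
    return STOP if final == CHALLENGE else final

if __name__ == "__main__":
    # Constructed sample messages; only the field used here is shown.
    print(run_checkout({"transStatus": "Y"}))                        # frictionless
    print(run_checkout({"transStatus": "C"}, {"transStatus": "Y"}))  # challenge passed
    print(run_checkout({"transStatus": "C"}, {"transStatus": "N"}))  # challenge failed
    print(run_checkout({"transStatus": "U"}, sca_in_scope=False))    # out of SCA scope
    print(run_checkout({}))                                          # malformed response
```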

For merchants, this matters because it means you can improve fraud protection without creating the same level of checkout friction as older 3DS flows. Those two things used to feel like a trade-off. With 3DS2, they often feel less like one.

How 3D Secure and SCA work together

Think of it this way: SCA is the rule, and 3D Secure / 3DS is one of the main technical mechanisms used to support it for online card payments.

European regulators set the standard: for in-scope electronic payments, strong customer authentication must be applied unless an exemption applies. Card networks, issuers, and payment providers then use EMV 3-D Secure as a practical way to help meet that standard.

When a customer completes a properly implemented 3DS-authenticated payment, it can satisfy the SCA requirement for that transaction. For online merchants, this means enabling 3DS is an important part of supporting PSD2 compliance for card payments.

If your checkout does not support it when needed, you may see more legitimate payments fail and create avoidable friction for customers.

Why online merchants need 3DS and SCA

If you operate outside of Europe but sell to European customers, 3D Secure and SCA have direct, practical implications for your bottom line. Here is why it matters:

The liability shift

This is perhaps the most important benefit for merchants to understand. When a transaction is successfully authenticated through 3D Secure and is later disputed as fraudulent, the liability shifts from you to the card issuer. Without 3DS, you – the merchant – are typically left holding the cost of a fraudulent transaction.

With it, that responsibility can shift to the card issuer for certain unauthorized or cardholder-not-recognized chargebacks on eligible transactions. For e-commerce businesses that deal in higher volumes, this single protection can save thousands or even millions of euros per year.

This is one of the strongest tools for chargeback protection merchants can have.

Reduced fraud and chargebacks

E-commerce fraud prevention is a constant challenge, and chargebacks are one of the costliest consequences of fraud for merchants. Every disputed transaction means lost revenue, dispute fees, and wasted administrative time.

By implementing 3D Secure, you add a layer of verification that stops a significant portion of fraudulent attempts before they reach the point of dispute and contributes to chargeback protection.

Fewer fraudulent transactions mean fewer chargebacks – and that directly protects your profit margins.

Building customer trust

Customers are increasingly aware of payment security. Seeing a familiar authentication step – a code sent to their phone, a biometric prompt – signals to them that your checkout is secure. In competitive e-commerce markets, that trust is a genuine differentiator.

Because customers do notice. Not all of them, and not consciously, but checkout security is something people notice. A recognizable authentication step – a code to their phone, a face ID prompt – communicates that you have taken their card data seriously. In markets where customers have plenty of options and a low tolerance for risk, that matters for retention.

Regulatory compliance

Practically speaking, without SCA-compliant authentication in place, in-scope PSD2 payments may be declined or soft-declined, unless an exemption applies. European banks that enforce PSD2 are required to apply SCA to in-scope electronic payments, unless an exemption or out-of-scope scenario applies. That is not a theoretical concern – it is a live operational issue for any merchant selling to European customers without proper SCA-compliant payment processing in place.

Secure your transactions with Genome’s merchant services

Our merchant services provide businesses with a high-security payment infrastructure, including dedicated merchant accounts and a hosted payment page that handles compliance.

We already support Open Banking and instant bank payments (Pay by Bank) inside the Genome merchant account. The Pay by Bank payment method is faster, more transparent, and structurally reduces a lot of the fraud vectors that card payments are traditionally vulnerable to. We enable it via SEPA Instant and Credit Transfers, so that you accept payments quickly and with minimal friction.

What is coming next is card payment processing, allowing for global payment acceptance. Soon, you will be able to accept Mastercard and Visa card payments, which offer full 3D Secure (3DS).

SCA-compliant, low-friction checkouts – designed to meet European regulatory requirements without adding unnecessary steps that push customers away.

This is a big deal for any online merchants operating in European markets who don’t want to constantly patch payment systems to keep up with the security landscape.

And the combination of Open Banking and card payment processing will create a lower-friction, client-oriented environment for your customers!


Conclusion

Payment security can feel abstract until something goes wrong. The chargeback, the fraud pattern, the declined transactions from European banks – these are the moments when merchants usually start looking more seriously at their payment provider and begin to understand what 3D Secure / 3DS and SCA really mean. By then, some damage has already been done.

The better approach is to have the infrastructure in place before it becomes urgent. E-commerce fraud prevention can be implemented by most businesses! Open a Genome merchant account and get your payment security built properly from the ground up – including upcoming card processing tools when they launch.
