Glossary
What is 3D Secure? E-commerce definition
June 4, 2026
3D Secure (often abbreviated as 3DS) is a security protocol that adds an authentication step during an online card payment. Specifically, the buyer may be prompted to confirm their identity via their banking app, an SMS code, or a fingerprint before the transaction is approved. In e-commerce, this mechanism is mainly used to reduce fraud, comply with European regulations (SCA, PSD2), and, in some cases, to shift liability for a fraudulent chargeback to the card issuer rather than the merchant.
3D Secure lies at the intersection of security, compliance, and conversion. It protects card payments, but it must be carefully integrated to avoid turning bank validation into an obstacle for the buyer.
Summary
Definition of 3D Secure
The term 3D Secure refers to an authentication protocol for cardholders in remote payments. Historically developed by the Visa (Verified by Visa), Mastercard (SecureCode) and other networks, it is part of a "three-domain" model: the acquirer domain (the merchant's bank), the issuer domain (the customer's bank) and the interoperability domain (the protocol that enables communication between the two).
The most widespread version today is EMV 3-D Secure (often referred to as 3DS2), which is smoother than the older generation: it allows for authentication integrated directly into the checkout (without systematically requiring heavy redirection) and is better adapted to mobile devices. It should not be confused with SCA (Strong Customer Authentication): SCA is the regulatory obligation in Europe; 3D Secure is one of the most common technical means to satisfy it during a card payment.
Another useful nuance: 3D Secure authenticates the payer, but does not replace the merchant's anti-fraud tools (risk rules, blocklists, velocity checks). The two complement each other.
Why 3D Secure is important for e-merchants
For an online store, 3D Secure acts on three concrete levers.
For an online store, this notably includes Regulatory compliance: in the EEA and the United Kingdom, the PSD2 directive mandates strong authentication for many electronic payments. Without a compatible mechanism, certain transactions may be declined by the issuing bank; Fraud reduction: by verifying that the person paying actually controls the payment method, the protocol limits purchases made with stolen or compromised cards; and Liability shift in case of dispute: when a transaction is successfully authenticated via 3D Secure, the liability for a fraud-related chargeback can be transferred from the merchant to the card issuer, according to the network rules and bank policies (Shopify Help Center).
The flip side of the coin: any additional step at checkout can create friction. A customer who does not understand the authentication request, does not receive the code, or gives up on mobile can lower the conversion rate. The challenge is therefore not just technical: it is also a matter of shopping experience.
How does a 3D Secure authentication work?
Here is the typical customer journey during an online purchase.
Concretely, this includes the customer entering their card details on the payment page, the issuing bank or payment provider evaluating whether strong customer authentication is required (amount, risk, history, possible exemptions), if a challenge is needed, the customer confirming their identity (banking app, biometrics, SMS, banking password depending on the issuer) and, upon success, the transaction is authorized and the order can be confirmed.
Use case: a customer in France orders a €120 product on a Shopify store. At the time of payment, her banking app prompts her to validate the purchase with one click. She confirms: the order goes through. Without this validation, the payment could have been declined, even with a valid card and sufficient funds.
Certain transactions may be exempted from challenges (low-value payments, recurring payments initiated by the merchant under specific conditions, etc.). The exact rules depend on local regulations and the issuer. Do not assume that "small cart = no 3DS": check with your payment provider.
Managing 3D Secure on Shopify
On Shopify, 3D Secure management mainly depends on your payment gateway.
Within Shopify, this notably includes Shopify Payments: the 3D Secure flow is integrated. Shopify indicates that authentication is only triggered when the issuing bank requires it to authorize the transaction, in order to limit unnecessary friction (Shopify documentation), Stripe, PayPal and other PSD2-compliant gateways: 3DS is generally managed by the provider. For EEA stores selling in euros or affected currencies, an SCA-compliant configuration is required, and non-SCA optimized third-party gateways: Shopify may indicate in the admin that an additional connection (for example Cardinal Commerce) is required to remain compliant in certain contexts (Shopify Blog).
In practice, most Shopify merchants do not manually activate 3D Secure: it is the payment provider that orchestrates the authentication. Your role lies more at the checkout level (clarity, mobile, error messages) and in customer support when clients get stuck at the banking step.
What you need to know about 3D Secure
To keep in mind, we notably find that 3D Secure authenticates the buyer during an online card payment, It largely meets the SCA requirements imposed by PSD2 in the EEA and the United Kingdom, On Shopify, it is managed by the gateway (Shopify Payments, Stripe, etc.), not manually by the merchant, It protects against fraud and can shift the liability of a chargeback, but sometimes adds friction to the checkout, and The current version (3DS2) is smoother and more mobile-friendly than the older generation.
Associated terms, FAQ, and going further
Associated terms
Notions related to this topic notably include Checkout: the stage where 3D Secure authentication occurs, Payment Gateway: the service that connects the shop to banking networks and manages 3DS, Shopify Payments: a native Shopify solution with an integrated 3D Secure flow, and E-commerce Fraud: the risk that 3D Secure helps to reduce.
FAQ
Is 3D Secure mandatory for all online shops?
Not everywhere in the world, but it is virtually indispensable if you sell in Europe (EEA, United Kingdom) using locally issued cards. Outside these zones, your provider may apply it based on the level of risk perceived by the issuing bank.
What is the difference between 3D Secure and SCA?
SCA is the legal requirement for strong customer authentication (two factors) for certain payments. 3D Secure is a technical protocol that allows this authentication to be performed during a card payment.
Does 3D Secure lower conversions?
It can add a step, especially if the process is poorly integrated or if the customer does not understand the request. Recent versions (3DS2) and optimized gateways limit this friction. Monitor your payment abandonments after any change of provider.
Does Shopify Payments handle 3D Secure automatically?
Yes. Shopify Payments integrates the 3D Secure flow and only triggers it when required by the issuer to authorize the payment, according to official Shopify documentation.
Go further
Notions related to this topic notably include What is an e-commerce payment gateway?, How to customize the Shopify checkout, Optimizing e-commerce checkout and reducing cart abandonment, and Return to the Qstomy e-commerce glossary.
Sources: Shopify Help Center (PSD2 and 3D Secure), Shopify Blog (SCA). Evolving regulations (PSD3 announced for subsequent years): check the official texts before any compliance decisions.
Enzo
13 May 2026
Convert over 2,000 customers on average per month with Qstomy.
The world’s 1st Shopify AI dedicated to customer conversion
Empowering 200+ e-commerce merchants
Subscribe to the newsletter and get a personalized e-book!
No-code solution, no technical knowledge required. AI trained on your e-shop and non-intrusive.
*Unsubscribe at any time. We do not send spam.