Developed by Visa and licensed by MasterCard, 3D Secure stands for “Three Domain Secure” – the domains being the acquiring bank (retailer’s bank), the issuing bank (the cardholder’s bank) and the infrastructure that supports the 3D Secure protocol.
On participating sites, after completing the merchant’s checkout process, the customer is asked to provide a password (if previously enrolled) or to set up his or her Verified By Visa or MasterCard SecureCode credentials. The customer is either redirected to the issuing bank’s website for authorization, or kept within the merchant’s own checkout process through a frame.
Cards not eligible, such as Discover and American Express (which has its own authentication product, Safekey, available only in the UK and Singapore), Visa gift cards and business credit cards with multiple names on the account are detected by the system and not prompted to enroll or enter a password.
An unenrolled Visa, Maestro or MasterCard customer is allowed to opt out of the scheme a minimum of 3 times (depending on the card issuer), up to an unlimited number of opt outs. In some cases, the card issuer may make a risk-based decision to require authentication the first, second or third time). If a cardholder opts out the maximum number of times, he or she will no longer be presented with a “No thanks” button, and may not be able to shop online with online retailers that use 3D Secure until enrolled (this depends on the card issuer).
With Visa, the online retailer may decide whether to process an order for an opt-out or incorrect password, and is protected from chargebacks simply from making the attempt to authenticate through the Visa Attempts program. MasterCard does not offer the same protection if the cardholder opts out.
For unenrolled cards, the first person to use the card online gets to set the password. Identity thieves often know a victim’s date of birth or last digits of a social security number required for activation with the issuing bank. Cyberthieves are also well aware how easy it is to reset a 3D Secure password. They can also be easy to guess. Verified by Visa, for example, suggests “your password should be easy for you to remember” – which ultimately makes it less secure.
Another well publicized problem, 3D Secure has been prone to phishing. To increase confidence, during registration Verified by Visa asks the cardholder to choose a phrase that will appear in the window, such as “happy birthday.”
Finally, 3D Secure aims to increase consumer confidence about shopping online by protecting enrolled cards from unauthenticated use. But because 3D Secure is not adopted by every issuing bank or every retailer, and because there is an opt-out option, only some are protected – some of the time. 3D Secure also can’t protect the cardholder from a data breach (card number compromised through the retailer’s records), which is a major concern among online shopping “hold-outs”.
If your transaction is approved but selected for a Random Security Check, We select the Sale for a Credit Card Security Check. Your ticket was removed from your account until someone in our security department verifies the validity of the transaction.
Upon successful verification (usually within 1-18 hrs, priority will be given to same day events) Ticketgateway will email the link to download tickets and also add your ticket to your account under My Orders. If you wish to speed up the process, please respond to the order email we sent to you, letting you know we have selected your transaction for a security check.
Please be sure you add us to your safe list, so that our email will reach you and not be deposited in your junk mail box.