3D Secure


How 3D Secure Works


Developed by Visa and licensed by MasterCard, 3D Secure stands for “Three Domain Secure” – the domains being the acquiring bank (retailer’s bank), the issuing bank (the cardholder’s bank) and the infrastructure that supports the 3D Secure protocol.

On participating sites, after completing the merchant’s checkout process, the customer is asked to provide a password (if previously enrolled) or to set up his or her Verified By Visa or MasterCard SecureCode credentials. The customer is either redirected to the issuing bank’s website for authorization, or kept within the merchant’s own checkout process through a frame.

Cards not eligible, such as Discover and American Express (which has its own authentication product, Safekey, available only in the UK and Singapore), Visa gift cards and business credit cards with multiple names on the account are detected by the system and not prompted to enroll or enter a password.

An unenrolled Visa, Maestro or MasterCard customer is allowed to opt out of the scheme a minimum of 3 times (depending on the card issuer), up to an unlimited number of opt outs. In some cases, the card issuer may make a risk-based decision to require authentication the first, second or third time). If a cardholder opts out the maximum number of times, he or she will no longer be presented with a “No thanks” button, and may not be able to shop online with online retailers that use 3D Secure until enrolled (this depends on the card issuer).

With Visa, the online retailer may decide whether to process an order for an opt-out or incorrect password, and is protected from chargebacks simply from making the attempt to authenticate through the Visa Attempts program. MasterCard does not offer the same protection if the cardholder opts out.

Does 3D Secure Really Make Online Shopping Safer?


For unenrolled cards, the first person to use the card online gets to set the password. Identity thieves often know a victim’s date of birth or last digits of a social security number required for activation with the issuing bank. Cyberthieves are also well aware how easy it is to reset a 3D Secure password. They can also be easy to guess. Verified by Visa, for example, suggests “your password should be easy for you to remember” – which ultimately makes it less secure.

Another well publicized problem, 3D Secure has been prone to phishing. To increase confidence, during registration Verified by Visa asks the cardholder to choose a phrase that will appear in the window, such as “happy birthday.”

Finally, 3D Secure aims to increase consumer confidence about shopping online by protecting enrolled cards from unauthenticated use. But because 3D Secure is not adopted by every issuing bank or every retailer, and because there is an opt-out option, only some are protected – some of the time. 3D Secure also can’t protect the cardholder from a data breach (card number compromised through the retailer’s records), which is a major concern among online shopping “hold-outs.”

SECURITY


PCI Compliance Manager

Ticketgateway accepting credit card payments, you need to take a number of steps to ensure you are protecting your business and reducing your exposure to fraud. PCI Compliance Manager will help you take the steps needed to validate compliance with the Payment Card Industry Data Security Standards and protect your business.

COMODO Hacker Proof

Ticketgateway tested daily using Comodo's HackerProof Vulnerability Scanning Service. The service performs an extensive range of tests for major known vulnerabilities on the website. This trusted site seal is only presented after this website has passed the Comodo vulnerability test.

Comodo's HackerProof Vulnerability Scanning Service is frequently updated to ensure up to date vulnerability tests against the latest security threats.

Platinum Wildcard SSL

COMODO Secure

Ticketgateway has been validated and is authentic.

Ticketgateway also uses SSL for secure transactions.

Ticketgateway Inc holds a website identity assurance warranty of $250,000. This means that you are insured for up to $250,000 when relying on the information provided by IdAuthority on this site.

Tokenization

Tokenization protects card data when it’s in use and at rest. It converts or replaces cardholder data with a unique token ID to be used for subsequent transactions. This eliminates the possibility of having card data stolen because it no longer exists within our environment. Tokens is used when a card not present environments such as e-commerce. Tokens resides within our e-commerce infrastructure (at rest) and can be used to make adjustments, add new charges, make reservations, perform recurring transactions, or perform other transactions (in use). So feel secure to leave you card with us, where is safe and secure.