Complete News World

3-D Secure card payment – Online shopping: not always with a second authentication – Kassenrutsch Espresso

3-D Secure card payment – Online shopping: not always with a second authentication – Kassenrutsch Espresso


3-D Secure is a security check for payments in online stores. This is not always required.

Whether it's a jacket, a plane ticket, or a printer cartridge: You can easily buy many things online and pay with a credit or debit card. You will often have to confirm this transaction again, for example using your fingerprint or SMS code that is sent to you.

This second authentication is a security check and is called 3-D Secure. Some credit cards are set this way by default, while on others you have to activate it yourself.

Amazing: Even if you activate the 3-D Secure service, you don't have to confirm every payment a second time. For any reason?

Online stores and card issuers decide to use the 3-D Secure service

The online store decides for each individual transaction whether it offers the 3-D Secure service or not. If not, no second authentication will occur. This applies to all online stores where you pay with a Swiss card. After that, the ball is in the bank and/or card issuer's court.

“Strong Authentication” vs. “Frictionless Flow”

If a store chooses 3-D Secure, it is up to the bank or card issuer how to implement 3-D Secure. Basically you have two options:

With Strong Authentication you have to confirm the payment again.

With Frictionless Flow, payment is processed without a second authentication by the customer. However, the payment will be verified.

Safety when shopping online

Open the box
Close the box

  • Activate two-factor authentication: Online stores like Amazon or Digitec Galaxus provide this on their websites. When you log in, you are given a code that you must enter to confirm that you are actually the person who wants to order something. This can prevent someone from ordering products under the wrong name to the wrong address. Double authentication is not the same as 3-D Secure.
  • Use a strong password.
  • Transaction Push Message: Many banks and credit card companies offer a service where you receive a payment message, email or SMS with every transaction.

Private security systems

Visa, Mastercard, and American Express have created the 3D Insurance framework. In this context, banks and card issuers have their own security system that assesses the risk of potential fraud for each payment. Depending on the situation, payment is made through a “seamless flow” or “strong authentication” required.

For security reasons, banks do not want to specify exactly the conditions under which a “frictionless” payment will be made, but this is quite clear: this only happens if there is a low amount, or if you have ordered something from a well-known store and they already have to confirm the payment. In cases of doubt, “strong authentication” is used.

Viseca credit cards use “strong authentication” for every transaction. Viseca cards are available at Migros Bank, cantonal banks and Raiffeisen banks.

Who is responsible and when?

Banks and card issuers say there is no greater risk to the customer even with “frictionless flow”. Therefore, as a client it is not possible to insist on “strong authentication”. With “seamless flow,” the bank is liable as long as the customer does not breach its duty of care.

With Strong Authentication, a customer is liable if they mistakenly confirm a payment they didn't make.

If an online store does not offer 3-D Secure, the store will be liable if the card is misused.

Banking Ombudsman: More cases due to 'strong authentication'

The Office of the Banking Ombudsman has only encountered one case of abuse involving “fluidisation” so far; The problem lies more with “strong authentication” because many customers confirm the payment too quickly and did not make it.