3D Secure (3DS) protocols are a payment protection system which reshaped the paying user authentication process while online purchasing aiming an increment of online transactions security.
As detailed in Fabrick's article, the first version of the 3D Secure protocols required the consumer to provide a password or a temporary code generated by a banking device or received by SMS, in addition to card data. Nevertheless, starting in 2018, the new European payment regulation PSD2 and Strong Customer Authentication (SCA) included an additional step to this process: the SCA introduced the concept of multi-factor authentication, according to which the user can finalize a payment by proving their identity with at least two of these types of elements: something known, possessed, or distinguishing about the person. The implementation of this new process resulted in major changes in the original 3DS protocols, which have been updated to 2.0 and following versions precisely developed for a PSD2-compliant transaction processing.
As for the activation of 3DS, acquirers' payment cards are enabled directly by the issuer, while merchants shall refer to the acquirer. Therefore, not all credit and debit cards are necessarily enabled for 3DS security protocols, which is why when it comes to 3D Secure transactions there can be two different scenarios:
Transactions made with cards that are not enabled for 3D Secure protocols on Ecommerce sites that do, however, have active 3DS protocols.
Transactions made with cards enabled to 3D Secure protocols on Ecommerce sites that also have active 3DS protocols.
To learn more details about how 3D Secure payment protection systems work and about their application to online transactions, you can visit the 3DS Management and 3DS2 Protocols section.