3-D Secure (3DS)
An additional authentication layer for online card payments that requires the cardholder to verify their identity with the issuing bank before a transaction is authorised.
Also known as: 3DS, 3DS2, Verified by Visa, Mastercard Identity Check, SecureCode
Last reviewed: 10 June 2026
3-D Secure (3DS) is a security protocol — branded as Verified by Visa, Mastercard Identity Check, or American Express SafeKey — that adds a second layer of authentication when paying online. After entering card details, the cardholder completes an additional step: a one-time passcode sent by SMS, a biometric check in the banking app, or a knowledge-based question.
The latest version, 3DS2, uses risk-based authentication. Low-risk transactions (familiar device, usual location, small amount) may be approved 'frictionlessly' without a visible challenge, while higher-risk transactions trigger explicit cardholder verification.
Fraudsters attempt to bypass 3DS through social engineering: calling victims posing as bank fraud teams, telling them they need to approve a transaction, and capturing the one-time passcode the victim reads out. If you receive an unexpected call asking you to share a code you just received by SMS, hang up — your bank will never ask for this.