3D Secure (3-Domain Secure) was introduced by the PCI as a security standard for online transactions. Backed by Visa, Mastercard, American Express, UnionPay, Discover and JCB, the protocol was designed specifically as an extra layer of security for card-not-present transactions online. You may know it in the form of “Verified by Visa” and “MasterCard SecureCode” – the box that pops up when you complete a purchase online.
Fraudsters are targeting card-not-present transactions. Consumers still tend to pick easy-to-remember passwords, which are simple for fraudsters to breach.
Version 1.0 of 3D Secure did improve security, but at the expense of the customer experience. The system authenticates cardholder information, usually requesting a password or PIN. These extra steps in the process are not a great experience, and the service is only available in browser-based transactions. This leads to a more frustrating customer experience, and a tangible drop in sales conversions (users simply cannot complete the transaction, or give up when they cannot remember their password).
Version 2.0 of 3D Secure has been introduced. The aim of the new standard is to further secure these transactions, whilst at the same time improving the customer experience and adding mobile applications into the mix. The system now allows for replacements for passwords such as:
1. Biometric identification – face, fingerprint or voice recognition
2. 2FA (2 Factor Authentication) – using a username and password, but also something the user has unique access to, for instance a phone.
3. Risk-based authentication – allows issuers to make decisions based on additional data about the transaction, merchant and cardholder
The introduction of 3D Secure Version 2.0 will bring about stronger authentication, mobile transactions and an improved user experience.
However, TMT believes there are still some improvements that can be made. As an example, 2FA still has the potential to be intercepted and falsified by fraudsters due to the nature of SMS and email as the communications medium.
Organisations implementing 3D Secure v2.0 standards will need to consider a number of elements during rollout. TMT has designed a solution that will enhance and simplify the implementation: Verify.
TMT ID’s Verify product is a comprehensive mobile identity verification solution designed to validate and authenticate customers globally using their phone numbers. By leveraging authoritative data sources, including live intelligence from mobile network operators and regulators worldwide, Verify provides real-time insights into billions of mobile numbers.
Key Features:
Customer Onboarding: Verify ensures seamless and secure onboarding by confirming that a customer’s mobile number is real, active, and matches the personal information provided, such as name, address, and age.
Fraud Protection: The solution guards against account takeover frauds, including SIM-swap attacks, by alerting businesses in real-time to potential risks associated with such activities.
Data Cleansing: Verify performs real-time liveness checks to identify inactive or redundant mobile numbers, allowing businesses to maintain accurate and up-to-date customer databases.
In the realm of digital security, it’s essential to distinguish between One-Time Passwords (OTPs) and Two-Factor Authentication (2FA), as they serve different purposes and offer varying levels of protection.
One-Time Passwords (OTPs):
An OTP is a unique code that is valid for a single login session or transaction. Typically, OTPs are delivered via SMS, email, or generated by an authenticator app. While they add a layer of security beyond static passwords, OTPs—especially those sent via SMS or email—are susceptible to interception, phishing, and SIM-swapping attacks. Consequently, relying solely on OTPs may not provide sufficient protection against sophisticated threats.
Two-Factor Authentication (2FA):
2FA enhances security by requiring two distinct forms of identification:
Something you know: A password or PIN.
Something you have: A physical device, such as a smartphone or hardware token.
By combining these factors, 2FA significantly reduces the likelihood of unauthorized access, even if one factor becomes compromised. Modern implementations often utilize authenticator apps or hardware tokens to generate time-based codes, offering a more secure alternative to SMS-based OTPs.
Key Differences:
Security Level: While OTPs provide an additional layer of security, 2FA offers a more robust defence by combining multiple authentication factors.
Vulnerability: OTPs, particularly those transmitted via SMS or email, are vulnerable to interception and social engineering attacks. In contrast, 2FA methods that employ authenticator apps or hardware tokens are less susceptible to such threats.
Implementation: OTPs can be a component of 2FA but do not constitute 2FA on their own. True 2FA requires the combination of two different authentication factors.
In summary, while OTPs can enhance security, implementing comprehensive 2FA solutions—preferably those utilising secure methods beyond SMS or email—is advisable to safeguard against evolving cyber threats effectively.
For more information on how TMT can help with 3D Secure and 2FA enhancements, please visit TMT
Last updated on January 26, 2025