To recall, 3D Secure, also known as a payer authentication, is a recognized security protocol that helps to prevent fraud in e-commerce card transactions. It aims to ensure that the rightful cardholder makes each online payment. The name 3D refers to the three “domains”, the three parties involved in the process: the issuer (your bank), the merchant/acquirer and the interoperability domain that performs the authentication. Initiated and created by Visa and MasterCard, this additional layer of security[1] is branded as Verified by Visa and MasterCard SecureCode respectively.

In Luxembourg, 3D Secure currently works with credit cards and is completely free of charge. Two conditions must be fulfilled to use the service: the online merchant must support 3D Secure – the logos Verified by Visa and MasterCard Secure Code are displayed on its website – and you must enrol your credit card for this service. We therefore advise you to register your payment card using a LuxTrust means (Mobile or Token) by using one of the registration solutions offered by your bank. For your information, the current enrolment portal https://3ds.lu will be terminated at the end of the year.

From personal password to mobile

Since its adoption by most Luxembourg banks in 2012, 3D Secure technology has evolved a lot. Previously, a personal password was required. From 4 July 2016, to confirm your payment, you must enter a one-time password (OTP) only valid for your purchase transaction and sent by SMS (that is only possible until 31 December 2020) or generated by your LuxTrust Token[1]. From 30 June 2020, the validation with the LuxTrust Token benefits from two new features. If you use your classic Token, 3D Secure integrates now a “secret image” into authentication. This image systematically appears when you enter the single-use code to validate your purchase. This is the same image when you currently perform a transaction via your online bank. If you do not see or recognize the image, it is a sign that the site is fraudulent. In this case, you should immediately stop the transaction and contact LuxTrust or your bank to report it. If you have the LuxTrust Mobile application, you can now use it to validate your online purchases. In this way, your Token is no longer mandatory, and you are no longer blocked if you do not have it to hand.

Be aware that the SMS authentication solution will be decommissioned after 1January 2021. As a consequence, LuxTrust Token and Mobile application will be the only solutions to secure your e-commerce transactions. Don’t wait to enrol them with your card!

These innovations result from the market’s adaptation to comply with the European Payment Services Directive (PSD2). The aim is to enhance online transactions' security further and reduce the fraudulent use of credit cards on the Internet. From 1January 2021, the majority of EU e-commerce sites will ask you to authenticate yourself with 3D Secure when shopping online. 

Therefore, it is in your best interest to opt for the LuxTrust Mobile application if you want to continue to purchase online. By 2021, most Luxembourg banks will prioritize the LuxTrust Mobile app for all their online services.

For more information, you can consult the ING Luxembourg 3D Secure page.