Understanding 3D credit card security and how it could affect your trips to other countries

Jun 10, 2022

This post contains references to products from one or more of our advertisers. We may receive compensation when you click on links to those products. Terms apply to the offers listed on this page. For an explanation of our Advertising Policy, visit this page.

As international travel continues to rebound, you may begin using your computer to make online purchases in other countries once again. And for items with a limited supply — like high-demand train routes, popular tourist attractions and specific guided tours — it’s critical to confirm these reservations ahead of time in case they sell out.

Unfortunately, you can’t always rely on your travel credit cards to successfully complete these international transactions. It all comes down to the legal requirements associated with credit card security, which can vary greatly, depending on where you are going.

In theory, travel rewards credit cards should be ideal for travel, but increasingly sophisticated technology could affect your upcoming trips outside the U.S.

Here’s what you need to know about credit card security technology and what you can do to reduce your chances of encountering problems along the way.

Get the latest points, miles and travel news by signing up for TPG’s free daily newsletter.

In This Post

What is 3D Secure?

a credit card and smart phone lay next to an open laptop
(Photo by TravelCouples/Getty Images)

The credit card security technology 3D Secure (or 3DS, as it’s sometimes called) helps verify whether online transactions are authentic. It checks a number of factors to authenticate a purchase, including the location of the user, the history of purchases on that credit card and even whether the personal data provided during the transaction matches what the bank has on file.

If the technology identifies any abnormalities during this verification process, it may institute an additional security check via text message, email or phone call before completing the purchase.

The goal of 3DS is to provide better authentication of transactions to help everyone involved: customers, banks and online merchants. Users benefit from an improved experience with a simpler transaction. Banks benefit from reduced fraud and chargebacks. And merchants benefit by having an easier process for consumers so that they actually complete the transaction and spend money with the merchant.

However, there’s more to 3DS than these basics.

How 3DS came about — and improved

Credit card standards as we know them date back to 1995, when three companies — Europay, Mastercard and Visa — came together and created the chip-based EMV technology added to credit, debit and prepaid cards. Since then, other banks like JCB, China UnionPay and Discover have adopted EMV.

EMV continued to evolve over the years, ushering in new credit technology, such as contactless card payments.

In the fall of 1999, 3D Secure — a more modern version of EMV — emerged. However, its first iteration faced some criticism, as browser redirects to verification portals appeared fraudulent, causing many consumers to abandon transactions. But when an updated version was unveiled in October 2016, it quickly became the new industry standard for reducing fraud.

By providing more contextual information (such as a card’s transaction history and mailing address) during checkout, fewer consumers questioned the legitimacy of the verification process. That is because the revised process, which limited the number of transactions requiring authentication and supported authentication via biometrics or a bank’s mobile app, lacked the noticeable interruptions or burdens of the former version.

“While they are being authenticated and getting the benefits of higher security, they’re not disrupted in their experience in terms of the flow of the transaction,” said Ranjita Iyer, Mastercard’s senior vice president of cyber and intelligence for North America. “It is completely frictionless. Many times, they don’t even really see the authentication.”

Where US credit card issuers are in adopting 3DS

an unidentified person holds and open wallet full of credit cards, cash and a metro pass
(Photo by The Points Guy)

Once the benefits of the revised 3DS technology became apparent, the U.S. began requiring credit card processing networks and issuing banks to use 3DS. However, where the payment processors and issuing banks stand on implementation is not equal. Merchants in the travel sector have adopted 3DS at a higher rate than merchants in other categories, according to Iyer.

For example, Mastercard supports both the latest protocols at scale for every issuer of Mastercard products in the U.S. and implementation for every merchant wanting to participate in authentication during transactions, according to Iyer.

At Wells Fargo, the latest iteration of 3DS has been applied across all of its consumer and small-business credit cards, according to a company spokesperson. When authentication is required for a transaction, Wells Fargo cardholders can choose to receive a code via SMS or a notification in the Wells Fargo app.

Likewise, Discover has fully implemented the second-generation version of 3DS via a proprietary product called ProtectBuy, according to a company spokesperson.

American Express also has a proprietary product called SafeKey 2.0 that it uses to apply 3DS technology across all of its in-house credit card products. “Since first implementing 3D Secure technology in 2010, we’ve been hyper-focused on optimizing the SafeKey journey to ensure a positive customer experience,” said J.J. Kieley, vice president of payment products at American Express.

However, the same can’t be said for American Express cards issued by other banks. “We are continuing to work with our bank issuing partners and third-party providers as they uplift their cards to be SafeKey 2.0 compatible,” Kieley said.

What to expect in other countries

a black woman holds a credit card while looking at a laptop
(Photo by jacoblund/Getty Images)

Despite most U.S. issuers making strides in implementing 3DS technology — note, though, that it is not required for U.S. merchants — the same can’t be consistently said for other countries.

Within the European Union, 3DS is mandatory for all online transactions. Additionally, the United Kingdom, Bangladesh, India, Malaysia, Nigeria, Singapore and South Africa all require using 3DS for online transactions.

However, countries like Australia have blocked prior attempts to make 3DS mandatory, citing extra costs that would be passed on to consumers as the primary deterrent to using the technology.

Curious to see what 3DS is like in other countries and if any issues come up when using certain credit cards for online purchases, we decided to test transactions for two popular tourist destinations: Greece and Japan.

Tourist sites in Greece

First, we attempted to purchase tourism tickets for the Agora in Athens, Greece, from the Hellenic Organization of Cultural Resources Development.

screenshot of capital one and visa logos on a page saying a code will be sent by text message to confirm an online transaction
(Screenshot from etickets.tap.gr)

Our first purchase used Capital One Venture X Rewards Credit Card. The ticketing website required verification with a one-time code sent via text message.

Purchases with the Chase Sapphire Reserve (a Visa card), the World of Hyatt Credit Card (a Visa card) and the Barclaycard Arrival Plus® World Elite Mastercard® passed and were frictionless.

When attempting to buy tickets with my Alaska Airlines Visa Signature® credit card, I received an error message.

screenshot of Bank of America and Visa logos on a page saying to call to verify an attempted online transaction
(Screenshot from etickets.tap.gr)

Bank of America flagged the purchase as potentially fraudulent, resulting in me needing to call and complete a multistep verification process before the bank would authorize the transaction. However, the website timed out during this process, so I had to start my ticket purchase again from the beginning.

We were unable to try any American Express cards, as the website does not accept them for purchases.

Train tickets in Japan

For Japan, we attempted to purchase bullet train (Shinkansen) tickets from Japan Railways Smart Ex. Before you can purchase these tickets, you must create a user profile, which requires adding a default payment method. The website specifically states that the card must meet 3DS requirements before you can add it to your profile.

Screenshot of requirements for credit card use on Smart-EX Japanese train website
(Screenshot courtesy of smart-ex.jp)

I attempted to add three different Visa cards — the World of Hyatt card, the Chase Sapphire Reserve and the Alaska Visa Signature card — to my user profile during registration, but all three failed. When attempting to add these cards as a payment method on the Smart Ex website, I received a message saying that the issuing bank had not set up the required security protocols to work properly with 3DS authentication on that website.

Next, I tried The Platinum Card® from American Express. After adding it to my profile, the website routed me to American Express’ intermediary page called SafeKey, where the request was processed for a few seconds before I received a “success” message and was routed back to the Smart Ex website.

I then tested out adding my Arrival Plus card to my profile, which ended up generating a similar response as the Amex Platinum. I was routed to the SecurPass website, where I received a one-time code via email.

Screenshot of Barclays logo and Mastercard SecureCode/SecurePass logos on a page saying a code will be sent by email to complete an online transaction
(Screenshot from smart-ex.jp)

As you can see, this is a very mixed bag of results. Some of the most popular cards for travel purchases required additional verification, while others were outright denied from making purchases with select international merchants.

What you can do to reduce or avoid issues

a woman and man sit at a kitchen table while looking at a laptop
(Photo by Maskot/Getty Images)

If you are planning a trip to another country and want to avoid issues with online purchases — both during your trip and for reservations you want to make before leaving home — what can you do?

We asked the credit card issuers what advice they have for people experiencing authentication problems.

Discover’s spokesperson suggested regularly checking your contact information on file with your bank and credit card company since that’s how the bank will contact you if authentication is required. Having incorrect information on file with your credit card company can also increase your odds of a transaction being flagged as fraudulent, as it will look suspicious if the address and phone number you provide during the online purchase don’t match what your bank has on file.

Should you run into issues while in the middle of making an online purchase, consider contacting the merchant directly, according to a spokesperson for Wells Fargo. This is because the merchant’s acceptance policies are likely behind the trouble you’re experiencing, not the bank or credit card issuer. If this doesn’t work or proves too time-consuming, the spokesperson recommends finding another way to pay.

Bottom line

an unidentified person holds a credit card in one hand while typing on a keyboard with the other hand
(Photo by Poike/Getty Images)

Understanding the security features built into your credit card and how these interact with laws in other countries can help you be informed about potential issues when using your credit card in another country. It can also reduce the likelihood of having a problem using your credit card online to purchase tickets or make reservations for an upcoming trip to another country.

All banks and credit card processing networks in the U.S. require 3D Secure, so your credit cards should be accepted and should not require extra authentication. However, that doesn’t mean the merchant (where you are making a payment) will always interpret the rules correctly, so ensuring your contact information is updated with your credit card company will help you pass extra security authentication if prompted.

Featured photo by Guido Mieth/Getty Images.

Citi Premier® Card

This card offers a 80,000-point bonus after spending $4,000 in the first three months. Plus, earn 3 ThankYou points per $1 at gas stations, restaurants, supermarkets and on air travel and hotels. 1 ThankYou point per $1 on all other purchases.

Apply Now
More Things to Know
  • For a limited time, earn 80,000 bonus ThankYou® Points after you spend $4,000 in purchases within the first 3 months of account opening
  • Earn 3 Points per $1 spent at Restaurants and Supermarkets
  • Earn 3 Points per $1 spent at Gas Stations, Air Travel and Hotels
  • Earn 1 Point per $1 spent on all other purchases
  • Annual Hotel Savings Benefit
  • 80,000 Points are redeemable for $800 in gift cards when redeemed at thankyou.com
  • No expiration and no limit to the amount of points you can earn with this card
  • No Foreign Transaction Fees on purchases
Regular APR
18.24% - 26.24% (Variable)
Annual Fee
$95
Balance Transfer Fee
Balance transfer fee applies with this offer 5% of each balance transfer; $5 minimum.
Recommended Credit
Excellent, Good

Editorial Disclaimer: Opinions expressed here are the author’s alone, not those of any bank, credit card issuer, airlines or hotel chain, and have not been reviewed, approved or otherwise endorsed by any of these entities.

Disclaimer: The responses below are not provided or commissioned by the bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by the bank advertiser. It is not the bank advertiser’s responsibility to ensure all posts and/or questions are answered.