Three domains are involved in the process of completing a 3D Secure transaction
- the merchant/issuer,
- the acquirer,
- the card schemes
The protocol was initially deployed by VISA to improve the security of online 'card-not-present' transactions, but other card schemes have quickly joined to develop their own products for 3D Secure transactions.
Card networks implemented the first version of 3D Secure in 2001. It provided a better security solution but a lot more has been needed since. The protocol had included static password and merchants and issuers had shared only some data to verify a cardholder's identity which throughout the years proved not to be enough.
A decade later in 2016, EMV Co, jointly owned by American Express, Discover, JCB International, Mastercard, China UnionPay, and Visa, released the 2.0 version in order to increase security for merchants and customers.
Soon after, EMV also published the 3DS 2.2 version whose testing support is expected to be available mid-2019.