Need Help? Chat icon | Call - 1 888 414 7111
Merchant logo
Home > News and Blog

May 29, 2023
by David Goodale

What is Two-Factor Authentication for payment processing?

(Slightly edited from video transcript for greater readability)

Key Takeaways

Enhanced Security
Two-factor authentication (2FA) provides an additional layer of security by requiring customers to do an extra step during the e-commerce checkout process, typically by entering a password or text code that is provided to the cardholder by their card issuing bank.
Visa and Mastercard have implemented 3DSecure which is Two-Factor authentication for credit card transactions at any online store. If you use 3DSecure you can't get a chargeback for fraud.
Need help with this topic? Or a rate quote?
Whether its questions about this article, or you want to see how we can lower your costs. Don't hesitate to contact us.

Hello, David here at Today I'm tackling an easy question, what is two-factor authentication for payment processing? Stay tuned, we'll dig in in one second.

Two-factor authentication

two-factor authentication
Two-factor authentication is a second authentication step that occurs during the e-commerce checkout process

Now I'm going to start by talking about traditional online security.


You have AVS (Address Verification Service), that's where the customer types in their billing address, and you get the address verification security result.


Of course, on the back of your credit card, you also have that little three-digit number called the CVV code (Card Verification Value), that is an additional security check that people can utilize. It's like an extra thing that the credit card processor can tell you if it matched when an e-commerce transaction is processed.

But sometimes that's not enough, and that's where something like two-factor authentication comes in. That's where when the customer purchases something online, the transaction process is halted and a third-party kicks in. That third party is almost always the card issuing bank. That's where the card issuer won't let the transaction be approved unless the cardholder does something.

They have to take a second step, a second factor of authentication. Commonly that can a text to your cell phone. We got this order from Swiss for $50, press one if this is a legitimate transaction. Then the customer does it and the bank has now gone through the second factor of authentication. When the e-commerce transaction is processed then that second-factor authentication token is passed through with the transaction. Your credit card processor knows that this passed the second factor of authentication, it's more secure. I'm going to stop there because if you want more content on the technical specifics of, two-factor authentication, leave a message. When the transaction gets processed, the customer's doing this extra step, but it doesn't have to be a text.

It could be a phone call. The customer's card issuing bank calls the number on file, and says, hey, we've noticed your credit card's trying to be used at this merchant. Is that you? Your answer, you say yes. Again, you get the token. It could be a lot of folks. I noticed, my friends from the UK in particular, they'll have apps on their phones the bank app sends a notification to the phone and they scan their fingerprints on the fingerprint reader on the phone. That passes the second factor of authentication.

Two-factor authentication operates between the card issuing bank and the card holder

Now, here's an important bit. How the second factor of authentication works is between the card issuing bank and the cardholder. That's not up to you, the merchant, you don't have to deal with it, it's just going to magically happen. Visa and MasterCard have taken care of that for us thankfully. Now, just as a side note, in the European Union, there is a directive called SCA (strong customer authentication). That two-factor authentication is mandated in Europe for e-commerce transactions. Customers can't purchase online without going through it. I probably should have mentioned this a little bit earlier. The service that's most commonly used to do the second factor of authentication is called 3D secure. 3D security is the service offered by the card brands that it's the technical component that integrates two-factor authentication. I have a feeling I'm not doing a very good job of explaining this today.


When you're setting up your website and you want to use two-factor authentication, you would say to your credit card processor, I want to use 3DSecure. 3DSecure is the service used to do two-factor authentication. Every time you do run a transaction that is 3DSecure, and approved, i.e., it passed two-factor authentication. As a merchant, you can't get a chargeback for fraud. I should have, let me rephrase that. As a merchant, you can't get a chargeback for fraud. People can still call their bank and say, hey, I bought some shoes. The merchant never shipped them to me. If you utilize two-factor authentication, with 3DSecure you get the second factor of authentication approved. In other words, if the customer types in the text code on their cell phone, whatever they have to do, they cannot get a chargeback for fraud. It is a wonderful service.


I hope you found this video helpful. If you have any comments please leave a message. It's the second step in the e-commerce checkout process. Thanks for watching and have a nice day there. Bye now.

Related Topics
April 19, 2022
A chargeback is a dispute between a customer and the business. In this video we explore what a chargeback is, and some of the reasons that chargebacks occur.
April 07, 2022
If you get too many chargebacks your merchant account can be shut down. In this video we explore what you should do to keep your account in good standing if you've been targeted by fraudsters and suddenly start receiving a lot of chargebacks.
February 07, 2023
Card testing is an increasing problem for #ecommerce merchants. Fraudsters are constantly looking for ways to test cards. It's even a problem for payment processors, Visa and Mastercard. In this video David explains what card testing is, why fraudsters do it, and how to stop it, in addition to advice on how to get some of the fees reversed when it occurs.
January 20, 2022
Hello, David here at Today I'm going to tackle a very frustrating topic. Sometimes it's infuriating. What do you do when you get a chargeback and you lose it and it's completely unfair? What's left? Stay tuned, I'm going to do my best to help in one second.
May 14, 2021
In the past the best way to manually screen suspicious orders was to call the customer on the phone and ask them questions. Now, with modern web based video technologies it's possible to validate customers in a way that was never previously possible.
March 16, 2018
Visa is addressing some of the most common chargeback related complaints from merchants. Going forward, chargebacks are a thing of the past and will now be known as disputes.
March 22, 2023
A positive AVS result is an indicator of a legitimate transaction. In this short explainer video David explains what AVS is, how it works, and things to be aware of when relying on an AVS security result for any particular order.
March 25, 2023
It can be difficult to win a chargeback dispute. David explores different ways to shift the odds into your favour.
July 21, 2023
How does Visa and MasterCard chargeback arbitration work? When a merchant has fought a chargeback and lost there is still one more chance to turn it around by taking it to the card brands for arbitration.
July 28, 2023
Merchants with businesses that are prone to disputes need to be careful to stay below the Visa and MasterCard thresholds.
January 10, 2024
There is a strong argument that 3DSecure (version 2) is the single best anti-fraud tool available to any online merchant. In this video David explains what 3DSecure is, how it works, how you set it up on your website, and different ways that it can be configured.

Need professional guidance?
Contact us for a free one hour consultation.

Can I Help Lower Your Processing Fees?

If you found this content helpful, will you give me the opportunity to quote on your business?

View Rates
David Goodale About the Author

My name is David Goodale, CEO at Merchant I launched our business in 2001 and have over 20 years of expertise in the field of online payments. If you have a payments related question or project, and especially if it relates to multi-currency or international e-commerce don't hesitate to contact me. I'm always happy to help with an honest opinion, and enjoy chatting with folks from interesting businesses.

Toll free: 888-414-7111 ext. 5
Direct: (905) 901-2254