3 Domain Security - is a new method of security mandated by the Card Associations to enhance the security of online transactions. Mastercard’s product is called “SecureCode” and Visa’s product is called “Verified by Visa”.

The 3D-Secure refers to three domains involved in the security, they are:

the Acquiring or Merchant’s bank
the Card Association’s financial networks ie Mastercard and Visa
the Issuing or Cardholder’s bank.

Very simply the system authenticates the cardholder before the transaction takes place by diverting the browser to the bank that issued the card, who then request some secret, perhaps a pin, from their cardholder that will conclusively prove that this actually is the cardholder entitled to use this card. Once they are satisfied that this is their cardholder they issue an authentication receipt which is then presented to the merchants bank along with the authorisation request. If the transaction is then approved by the issuing bank they may not charge the transaction back to the merchant because the cardholder disputes the transaction as not being originated by them.
Virtual Card Services is compliant and in fact was the first South African payment gateway to be certified by both Mastercard and Visa for 3D-Secure transactions through First National Bank, Standard Bank and ABSA.

3D Secure Helpdesks:

SBSA: 0861 201 311


Nedbank: (011) 710-4332


FNB: (011) 369-2999


ABSA: (012) 317-3344


BlueBean: 0861 201 314

Investec: (011) 286-9663

The Authentication process must be executed properly from beginning to end to ensure it is successful. When the result of the authentication process is PA-RES-STATUS = A, it means all is not well. ECI 06 means it was attempted and therefore the issuer is liable but the cardholder was not authenticated.

ECI Flag


01 - Indicates Merchant Liability

02 - Indicates Card Issuer Liability


05 - Indicates Card Issuer Liability

06 - Indicates Card Issuer Liability

07 - Indicates Merchant Liability