The most important thing that merchant needs to know about 3D-secure(3DS) transaction is the liability shift. To make thing clearer, the following diagram shows that for any party that do not have 3D-secure in place will be liable and explore to the risk of unauthorized transaction chargeback.

MOLPay has the ability to process both 3DS and non-3DS transaction based on merchant’s requirement. Most of the case, we encourage merchants to opt for 3DS transaction only, especially for those who are selling digital goods (games, virtual products, e-book, downloadable softwares, app, instant top-up or reload services) that dispensed immediately just after payment made.

MOLPay helps to protect merchants’ interest regardless in both 3DS and non-3DS scenarios. MOLPay has preventive measurement by scanning on the card based on BIN database whether the card is mandatory for 3DS enrollment and/or whether it’s allowed to transact online (for e-commerce transaction). Then MOLPay will send the card information to acquiring bank to process and 3D flag status is obtained to compare with the merchant setting. Once it is detected as a non-3DS transaction, MOLPay will immediately void the transaction to safe guide merchant from getting any signal to issue or deliver their goods/services.

There are cases that some 3D enrolled cardholder actually can perform a non-3DS transaction. The transaction required cardholder to enter OTP from the SMS but eventually it’s a non-3DS transaction. This could happen when the issuing bank is having problem with their ACS or authorization module. This could be a hidden risk to many online sellers but not MOLPay merchants. For merchants that accept non-3DS transaction, MOLPay helps to increase the acceptance rate up to 98% with instant big data analysis in comparing with traditional rule-based filtering and provide 100% chargeback free coverage for merchants. Leveraging on the big data available on social media platforms, machine learning technology can actually process more than 80k of data points within a few milliseconds. Thus a very complex decision making process could be made immediately after the buyer clicks on a PAY button and we know the result almost real-time whether to process or to block the transaction.


As we have learnt that 3DS transaction should be fraud-free and chargeback free on unauthorized reason for acquiring parties, but it doesn’t mean that the issuing bank has no fraudulent transaction. Recently we have successfully detected a few fraudulent 3DS transactions from other countries, which our risk management team thinks that it might be inappropriate implementation of 3DS authorization method at issuing party. There are many ways of implementing 3DS authentication of cardholder. In Southeast Asia, the common practice is sending OTP SMS to cardholder’s registered mobile number. In other region, there might be different approaches in doing 3DS authentication. Fraudulent 3DS transaction could easily happen when the issuing party use default cardholder identity related data or fixed password to authenticate 3DS transaction, interception of SMS that contains OTP, MITM attack or leaking of individual data. However, acquiring party and merchant are still safe and is protected when encountering fraudulent 3DS transaction due to liability shift.