Online Payment 3DS Security Upgrade

by PisellAug 26th, 2025

Pisell Payment

To better protect both merchants and customers who use Pisell Payment, and to reduce the risks of fraud and chargebacks, Pisell has upgraded its online payment 3DS verification system. After this upgrade, customers’ bank cards must support and pass 3DS verification in order for payments to be completed successfully.

1. 3DS Security Upgrade
Pisell has optimized the 3DS verification system to enhance online payment security. This system is designed to prevent credit card fraud and ensure safe payments.

Cards without 3DS: After entering payment details, the transaction will fail and cannot be completed.
Cards with 3DS: The issuing bank will perform verification (either Frictionless Verification or Challenge Verification). Once passed, the payment will continue through the normal authorization process.

This upgrade significantly reduces the risk of card fraud and chargebacks, helping merchants save both time and money.

2. What is 3DS?
3DS (3-D Secure) is a security authentication service launched by Visa, MasterCard, and JCB to strengthen online credit card payments. It requires customers to confirm their payment with a verification step (for example, entering a one-time code sent by the bank) to ensure that the cardholder is the one authorizing the payment.

Core goal: To improve online payment security, protect customers’ funds, and prevent fraud.
How it works:
- Frictionless Verification: If the risk is low, the payment passes automatically without extra input, giving a smoother experience.
- Challenge Verification: If the risk is higher, the customer will be redirected to their bank’s page and asked to enter an SMS code or approve in their banking app.

Transactions that pass 3DS provide stronger protection. Transactions without 3DS carry a higher risk of fraud, and in such cases, recovering funds is much more difficult.

3. Impacts of the Upgrade
3.1 Safer Payments, Fewer Chargebacks
The upgraded 3DS system improves payment security and reduces disputes:

Secure payment entry: Cards without 3DS cannot be used, reducing fraud at the source.
Liability shift: For transactions completed through 3DS, in most cases the liability for fraud is shifted away from merchants, according to card network and issuing bank rules.
Merchant fund protection: With fewer chargebacks, merchants face less financial risk and can focus on growing their business instead of handling disputes.
Better customer experience: The upgraded 3DS process is smoother, reducing issues like page delays or scaling problems. This improves customer satisfaction and increases payment success rates.

Together, these changes create a safer and more reliable online payment environment for both merchants and customers.

4. Common Situations & Suggested Responses
Scenario 1: Customer sees the error page
Message on screen:
"Sorry, we cannot process your payment request due to risk control or other causes from the card issuer. Please change to another card or try other payment methods."

Explanation

The customer's card issuer does not support 3DS.
In Australia, some prepaid Visa/Mastercard gift cards sold at supermarkets or through Australia Post do not support 3DS.
Such cards have been repeatedly exploited by fraud groups: criminals use gift cards without 3DS protection to drain balances through unauthorized transactions. Customers often discover that their card balance has already been used up after purchase, or that the cards were stolen.
For merchants, accepting such cards can be risky — after providing goods or services, they may later face chargeback claims from banks, resulting in both financial loss and wasted time.
Australian media outlet A Current Affair reported similar cases:

"Customers have spoken out after A Current Affair recently highlighted the problems people are experiencing with the balance on some cards being drained by unauthorised transactions." (Source: 9Now – A Current Affair)

How to respond

Suggest the customer use another card from the same bank that supports 3DS.
Suggest trying a card from another bank that supports 3DS.
If available, recommend Apple Pay / Google Pay, which usually process transactions through 3DS as well.

Scenario 2: Customer complains "It's too complicated" or "It doesn't work"

Explanation

Not every transaction requires verification. The issuing bank decides when to trigger it — often for first-time, overseas, or high-value payments.
Customer benefit:
- Safer shopping with Pisell merchants: payments are protected by 3DS and not at risk of unauthorized use.
- As more merchants adopt 3DS, online shopping will become safer overall.
Merchant benefit:
- Less risk of chargebacks where merchants lose both goods and payment.
- Protects both merchants and genuine customers while blocking fraudsters.

Common reasons

Psychological resistance: Customer feels it's an extra step and doesn't want to learn how to do it.
Not the cardholder: A family member, friend, or fraudster tries to pay — the bank requires the actual cardholder.
Card does not support 3DS.
Verification issue: SMS/app notification not received, poor signal, blocked messages, or incorrect code.
Account problem: Verification passed, but insufficient funds or bank declined.

How to respond

Psychological resistance Suggested reassurance:

"This check doesn't happen every time — only when the bank thinks it's needed for your protection, such as large or unusual payments. It's a quick step to keep your card safe from fraud. Once you complete it, you can shop with peace of mind. This is a global bank security standard, not something extra we added."

Not the cardholder

"The bank requires the cardholder to complete the verification. Even if a family member is paying, only the cardholder can confirm."

Card does not support 3DS

Suggest switching to another 3DS-supported card from the same or another bank.

Verification issue

Ask the customer to check phone signal, blocked SMS folders, and app notification settings. If still not received, advise contacting their bank to confirm registered phone number/app access.

Account problem

Explain that passing 3DS ≠ guaranteed payment. The bank may still decline due to insufficient funds or internal rules. Suggest checking balance or contacting the bank.

Scenario 3: Customer sees verification page but says "I didn't get the code" / "No app notification"

Explanation

When the verification page appears, the payment request has already reached the issuing bank.
The bank judged that this payment requires confirmation by the cardholder (Challenge Verification).
The cardholder must receive a one-time code via SMS or a push notification in their banking app to complete the step.
Only after verification passes will the payment continue.
Important: Even if 3DS is passed, the payment can still fail later (e.g., insufficient balance).

Possible causes

Customer doesn't know what 3DS is or where to find the code.
Phone signal, SMS filtering, or app notifications are blocked.
Bank system error or outdated customer contact details.

How to respond

Ask customer to check:
1. Phone signal;
2. Spam/junk SMS folder;
3. Banking app notification settings.
If still no code/notification:
1. Suggest contacting their bank to confirm phone number/app setup.
Alternatives:
1. Try another card from the same bank;
2. Use a different bank's 3DS-supported card.

Scenario 4: Customer worries about being "double charged"

Explanation

Once in the 3DS process, only if the verification is completed and passed will the transaction move to the next step.
If the verification fails, is skipped, or the card doesn't support 3DS, the bank will not confirm the payment — no charge.
Even if 3DS is passed, the bank still checks other things (like sufficient funds, fraud rules). Only when all checks pass will the charge succeed.
Therefore:
- No verification / failed verification → No charge.
- Verified but account issue → Declined, no duplicate charge.
- Only true success → Always recorded by SMS/app transaction notice.

Common reasons

Customer sees verification page multiple times and assumes multiple charges.
Network lag or refresh makes the customer think duplicates may occur.
Bank shows "Pending," customer mistakes it for a final charge.
Customer unfamiliar with bank SMS/app records.

How to respond

Multiple verification pages

"Seeing the verification page just means the bank is checking your identity — it doesn't mean you've been charged. Only after finishing verification and the bank approving payment will money be deducted."

Network lag / refresh
1. Banks automatically cancel incomplete verifications — no charge.
2. Suggest:
  - Avoid clicking repeatedly;
  - Wait about 1 minute and check if the order shows as "Paid";
  - If not paid and no "Approved" transaction appears in your bank account, try again once.
Pending record

"'Pending' means the bank is holding the request, not a completed charge. Only when it changes to 'Approved' is the payment final. Please monitor or contact your bank."

Unfamiliar with records

"A real successful payment will always have a bank SMS, app transaction notice, or a transaction record. If you don't see one, the payment may not go through. If in doubt, you can call your bank."