Solidgate logo in black and white.

Verified by Visa (VBV)

What is Verified by Visa (VBV)?

Verified by Visa (VbV), rebranded as Visa Secure in 2019, is Visa's implementation of authentication technology. This security feature adds an extra layer of identity verification during online checkout to protect cardholders and merchants from unauthorized transactions.
VbV runs on the 3-D Secure (3DS) protocol, the same standard other card networks operate under their own brands, including , American Express SafeKey, and Discover ProtectBuy. The current 3DS 2.0 version authenticates device and transaction data in the background, so most low-risk purchases clear without the cardholder doing anything extra.

Key facts

  • Also known as: (rebranded in 2019)
  • Based on: the 3-D Secure (3DS) protocol, currently version 2.0
  • Authenticated by: the card-, not the merchant
  • Cost: free for both cardholders and merchants
  • Network equivalents: Mastercard Identity Check, American Express SafeKey, Discover ProtectBuy
  • Main merchant benefit: on fraud-related chargebacks

How it works

  1. Checkout trigger – the enters card details, and the merchant's gateway sends a 3DS authentication request to the issuer.
  2. Risk assessment – under 3DS 2.0 the issuer reviews device, transaction, and behavioral data passed in the request to gauge risk.
  3. Challenge, if needed – for higher-risk cases the issuer prompts the cardholder to confirm identity through a one-time passcode (SMS or email), such as fingerprint or face ID, or approval in the bank's mobile app.
  4. Verification – the issuer checks the response and returns an authentication result to the merchant.
  5. Authorization – once authenticated, the payment moves on to and settlement.

Why it matters

  • For merchants: when a transaction is authenticated through 3DS, responsibility for fraud-related generally transfers from the merchant to the issuing bank.
  • For cardholders: the issuer verifies the buyer before the payment completes, blocking attempts where a fraudster has the card number but cannot pass the issuer's challenge.
  • For compliance: in the European Economic Area, 3DS is the primary way merchants meet requirements under PSD2.

Common issues

  • Checkout friction: a challenge prompt adds a step that can lead some cardholders to abandon the purchase, though the risk-based flow in 3DS 2.0 keeps most transactions frictionless.
  • Failed authentication: an outdated phone number, an undelivered passcode, or a card not enrolled in 3DS can cause authentication to fail and the payment to decline.
  • Scope of the liability shift: it applies only to fraud-related disputes; chargebacks filed for reasons like or product complaints stay with the merchant.

Related terms