If a payment card is enrolled in a 3D-Secure program, the cardholder data is “covered” by additional protection level. However, if 3D-Secure mechanism is incorporated into transaction processing, the procedure becomes slightly more complicated, as it involves an additional verification phase. During this phase card verification through a special module called merchant plug-in (or MPI) should be performed. MPI checks if the card (actually, the card-issuing bank) is enrolled in the 3D-Secure program. In case the card in enrolled, the cardholder identity is additionally verified: the cardholder is redirected to the issuer’s web-site, where he or she is required to input a unique password associated with the card. If the result of 3D-Secure verification is successful, the transaction can be actually processed.
More information about 3D-secure program and merchant plug-ins can be found in the respective article on #Paylosophy.