3D Secure failed in Sweden =================== Although not an official truth, this is the de-facto situation.
I can't say I know the global situation but I doubt that 3D Secure is a smash hit, in spite of the fact that we really need a new payment system on the Internet. The reason why 3D Secure failed is that the Swedish banks already had developed 3D Secure-like payment systems when 3D Secure was launched. These systems all have one thing in common that 3D Secure lacks: A way to use the system also for local debit using the same PAN, hereby bypassing the VISA/MC networks and associated additional fees. The culprit is the 3D architecture itself and it reliance on central brand directories. These directories does not only limit dual-use PANs, but also makes it impossible to redirect payment requests to a buying organization that in turn speak with the issuer, which would eliminate the monstrosity known as "P-Cards". If DNS had been used (like specifying "mybank.com" or "mycompany.com" instead of a credit-card number), 3D could have been the killer payment system. Using DNS, adding one-time PANs like Orbiscom's would also be a (user transparent) no-brainer, not requiring the usage of a specific "proxy PAN" for which there is no card. Currently, 3D represents just another more or less failed attempt by banks to create vital infrastructure. EMV is though likely to eclipse the 3D Secure debacle with a huge margin but that is another story... Anders Rundgren e-Security Architect etc.