I'm pretty sure you have to use a frame, all implementations of this I've seen use frames.
http://www.pcworld.idg.com.au/article/334105/3d_secure_online_payment_system_secure_researchers_say/[
^]
"One of their main points is how 3DS is integrated into Web sites during a transaction. E-Commerce Web sites
display 3DS in an iframe, which is a window that brings content from one Web site into another. The e-commerce Web site connects directly to a bank, which solicits a person's password in the iframe.
If the password is right, the transaction is complete. But the researchers argue that since there's no URL displayed with the iframe, it's difficult to tell whether it's genuine or not."
Some sites will achieve this by creating a modal dialog and load the frame into the dialog. But you have to use a frame because you are loading external content (the 3dsecure page from the bank) into your own site, and a frame is really the only way it can be achieved.