3D Secure is an authentication protocol that provides an additional layer of verification for card-not-present (CNP) transactions. We recommend that you use 3D Secure to comply with authentication regulations for online payments such as PSD2 SCA, and to make use of the liability shift.
3D Secure has two available versions:
3D Secure 1: Shoppers are redirected to the card issuer's site to provide additional authentication data, for example a password or an SMS verification code. The redirection might lead to lower conversion rates due to technical errors during the redirection, or shoppers dropping out of the authentication process.
- 3D Secure 2: New version expected to replace 3D Secure 1 by 2020/2021. The card issuer performs the authentication within your website or mobile app using passive, biometric, and two-factor authentication approaches. For more information, refer to 3D Secure 2 authentication flows.
Until card schemes fully decommission 3D Secure 1 by 2020/2021, we expect that some issuing banks will continue to support and require 3D Secure 1. This means that you should be able to handle both 3D Secure 1 and 3D Secure 2 authentication on your checkout page.
Your 3D Secure implementation options
We provide the following options to support both 3D Secure versions, and comply with PSD2 SCA. For more information and detailed instructions, select how you want to integrate:
Redirect 3DS2 + 3DS1
Implement the fastest way to support 3D Secure, redirecting the shopper to another site to verify the payment.
Native 3DS2 + Redirect 3DS1
Provide a better shopper-experience by performing 3D Secure 2 authentication within your website or mobile app.
3D Secure 2 authentication flows
In a frictionless flow, the acquirer, issuer, and card scheme exchange all necessary information in the background through passive authentication using the shopper's device fingerprint. The transaction is completed without further shopper interaction.
In a challenge flow, the issuer requires additional shopper interaction, either through biometrics, two-factor authentication, or similar methods based on SCA authentication factors.
In an app-based flow, you always receive a
resultCodeof IdentifyShopper before receiving a
- In a web-based flow, the device fingerprinting step can also be skipped. In this case, you get a
resultCodeof ChallengeShopper immediately after submitting the payment request.
Other 3D Secure flows
You can also implement the following alternative 3D Secure flows:
Perform only the 3D Secure 2 authentication with us, and submit the payment authorisation later.
Use a third-party 3D Secure provider, and perform the authorisation request with Adyen.
Submit a 3D Secure 2 request without requesting for an authentication. Only available for Mastercard.