Search

Are you looking for test card numbers?

Would you like to contact support?

Online-payment icon

3D Secure authentication

Explore your 3D Secure authentication options.

3D Secure is an authentication protocol that provides an additional layer of verification for card-not-present (CNP) transactions. We recommend that you use 3D Secure to comply with authentication regulations for online payments such as PSD2 SCA, and to make use of the liability shift.

3D Secure has two available versions:

  • 3D Secure 1: Shoppers are redirected to the card issuer's site to provide additional authentication data, for example a password or an SMS verification code. The redirection might lead to lower conversion rates due to technical errors during the redirection, or shoppers dropping out of the authentication process.

  • 3D Secure 2: New version expected to replace 3D Secure 1 by 2020/2021. The card issuer performs the authentication within your website or mobile app using passive, biometric, and two-factor authentication approaches. For more information, refer to 3D Secure 2 authentication flows.

Until card schemes fully decommission 3D Secure 1 by 2020/2021, we expect that some issuing banks will continue to support and require 3D Secure 1. This means that you should be able to handle both 3D Secure 1 and 3D Secure 2 authentication on your checkout page.

Your 3D Secure implementation options

We provide the following options to support both 3D Secure versions, and comply with PSD2 SCA. For more information and detailed instructions, select how you want to integrate:

3D Secure 2 authentication flows

A transaction that qualifies for 3D Secure 2 can go through either a frictionless flow or a challenge flow, depending on the issuer's requirements.

Frictionless flow

In a frictionless flow, the acquirer, issuer, and card scheme exchange all necessary information in the background through passive authentication using the shopper's device fingerprint. The transaction is completed without further shopper interaction.

Challenge flow

In a challenge flow, the issuer requires additional shopper interaction, either through biometrics, two-factor authentication, or similar methods based on SCA authentication factors.

  • In an app-based flow, you always receive a resultCode of IdentifyShopper before receiving a resultCode of ChallengeShopper.

  • In a web-based flow, the device fingerprinting step can also be skipped. In this case, you get a resultCode of ChallengeShopper immediately after submitting the payment request.

Other 3D Secure flows

You can also implement the following alternative 3D Secure flows:

See also