Search docs

Are you looking for test card numbers?

Would you like to contact support?

Start searching Adyen's documentation...

  Documentation

3D Secure authentication

Explore your 3D Secure authentication options.

3D Secure is an authentication protocol that provides an additional layer of verification for card-not-present (CNP) transactions. We recommend that you use 3D Secure to:

  • Comply with authentication regulations for online payments, such as PSD2 SCA.
  • Avail of the liability shift. When a transaction has been authenticated through 3D Secure, the liability for fraudulent chargebacks shifts from you to the issuing bank.

If you have an existing integration with us, see the section on adding 3D Secure to your Adyen integration.

Understanding 3D Secure versions

3D Secure has two available versions:

  • 3D Secure 2: New version expected to fully replace 3D Secure 1 by 2020/2021. Unlike the previous version where shoppers are redirected to another site, in 3D Secure 2 the card issuer performs the authentication within your app or payment form. The issuing bank may verify the shopper's identity using passive, biometric, and two-factor authentication approaches.
  • 3D Secure 1: Before a payment is authenticated, shoppers are redirected to the card issuer's site to provide additional authentication data such as a password or an SMS verification code. The redirection introduced in 3D Secure 1 might lead to lower conversion rates due to technical errors during the redirection or due to shoppers dropping out of the authentication process.

Until card schemes fully decommission 3D Secure 1 by 2020/2021, we expect that some issuing banks will continue to support and require 3D Secure 1. This means that you should be able to handle both 3D Secure 1 and 3D Secure 2 authentication transactions on your checkout page.

Your 3D Secure implementation options

We provide the following options to support both 3D Secure versions with your API integration:

  • Redirect authentication: If you already have an existing integration with Adyen, this is the fastest way to support both 3D Secure 1 and 3D Secure 2. We will check which version the issuer supports and provide a redirect URL where your shopper can complete either the 3D Secure 1 or a 3D Secure 2 authentication.

  • Native 3DS2 + Redirect 3DS1: Use Drop-in or 3D Secure 2 Component for Web, iOS, and Android to perform 3D Secure 2 authentication within your site or mobile app. If the issuer does not support 3D Secure 2, we will initiate a 3D Secure 1 fallback by default. For 3D Secure 1 authentication, you should handle the redirect on your client-side implementation.

Click on the options below if you want to learn about the integration steps. If you have an existing integration with us and want to know how you can support 3D Secure 2, proceed to 3D Secure 2 with your existing Adyen integration.

Implementing 3D Secure 2 with your existing Adyen integration

If you are using our Checkout SDKs, HPP, Plugins, or API with 3D Secure 1 integration, you don't have change anything. You can already support 3D Secure 2 authentication through the same redirect page.

If you have an existing integration with us with a 3D Secure 1 implementation, you can already support 3D Secure 2. Similar to a 3D Secure 1 flow, you will need to redirect the shopper to the URL returned in the API response. If a transaction requires 3D Secure 2 authentication, we will provide a redirect URL which will take your shopper to our hosted page to complete the 3D Secure 2 authentication flow.

In the table below we discuss in detail how we will handle 3D Secure 2 across different integrations, and what you can do to improve the shopper experience should you choose to implement native 3D Secure 2 authentication.

Your existing Adyen integration What you need to do to support 3D Secure 2
Online payments API, with existing 3D Secure 1 integration. Do nothing. 3D Secure 2 will be supported through a redirect.

However, if you want a better shopper experience, add 3D Secure 2 Components or use Drop-in on your client-side implementation.
Quick integration Checkout SDKs Do nothing. 3D Secure 2 will be supported in Web, iOS, and Android SDKs through a redirect.

However, if you want a better shopper experience with native 3D Secure 2 authentication, make sure you are on the following versions:
Plugins for Magento 1 and 2, SFCC, or SAP Commerce (Hybris) Do nothing. 3D Secure 2 will be supported in all plugins through a redirect.

However, if you want a better shopper experience with native 3D Secure 2 authentication, check back on this page or watch for our releases on our GitHub pages for Magento 1, Magento 2, Salesforce Commerce Cloud, or SAP Commerce (Hybris).
Hosted Payment Pages (HPP) Do nothing. 3D Secure 2 will be supported through a redirect.

However, we strongly recommend to move your implementation to our online payments API with the 3D Secure 2 Component for a better user experience.
Classic integration or CSE, with existing 3D Secure 1 integration. Do nothing. 3D Secure 2 will be supported through a redirect.

However, if you want a better shopper experience with native 3D Secure 2 authentication, use our helper functions for web and the Classic integration 3D Secure 2 SDKs for mobile.
Online payments API, without a 3D Secure 1 integration. Integrate 3D Secure redirect authentication to support both versions of 3D Secure or a combination of 3D Secure 2 native authentication and a 3D Secure 1 fallback.
Classic integration or CSE, without a 3D Secure 1 integration. Integrate 3D Secure classic API redirect authentication to support both versions of 3D Secure or a combination of 3D Secure 2 native authentication and a 3D Secure 1 fallback.

For guidelines on using 3D Secure with your current business model, see PSD2 SCA compliance and implementation guide.

Next steps