3D Secure 2.0

Verify card payments with 3D Secure 2.0, the next generation of card authentication.

3D Secure 2.0 is the new generation of authentication technology provided by card schemes, providing an additional layer of verification on Card Not Present (CNP) transactions.

When 3D Secure 2.0 authentication is used, the liability for fraudulent transactions shifts to the card issuer.

Unlike the first iteration of 3D Secure, you can use an iframe to implement the request for authentication asynchronously on the same page without redirection. That means your shoppers are not redirected and there is no negative impact on your conversion rate. In many cases the shopper's identity can be verified via their device fingerprint and additional information, resulting in a frictionless payment experience. If additional verification is required, this is now performed within the payments page of your website or natively in your mobile application.

Supported schemes

3D Secure 2.0 is supported by the following card schemes:

  • Visa
  • Mastercard
  • Discover / Diners
  • JCB
  • UnionPay
  • American Express
  • Cartes Bancaires

How it works

Authenticating a payment with 3D Secure 2.0 follows these steps:

  1. Your server submits a 3D Secure 2.0 payment request. This checks whether the shopper's card is enrolled with 3D Secure 2.0 and also applies additional Dynamic 3D Secure logic, if applicable.
  2. If the card is enrolled, your server receives a token and information that you need for using the SDK.
  3. The SDK fingerprints the shopper's device and passes the result to your server.
  4. Your server requests 3D Secure 2.0 authentication:
    1. If the device fingerprint is approved, authentication is completed and the payment is authorised.
    2. If the device fingerprint is not approved, the SDK requests additional verification from the shopper to authenticate the payment. If verified successfully the payment is authorised.

To reduce the number of API calls you need to make, you can optionally cache the data needed for 3D Secure 2.0 authentication. In this case, authentication will follow a slightly different flow. For more information, see Advanced flow with the Web SDK and Advanced flow with the in-app SDK.

Integration steps

To integrate 3D Secure 2.0 into your test payments flow, you'll need to:

  1. Configure your server to send and authenticate 3D Secure 2.0 payments.
  2. Integrate the 3D Secure 2.0 SDK into your websiteiOS application, or Android application.