Dynamic 3D Secure

3D Secure is a platform provided by the credit card schemes, which allows you to implement another layer of security on your Card-Not-Present transactions. During a 3D Secure transaction, the shopper is redirected to a site controlled by the issuing bank of the card to answer additional security questions - usually a unique password or SMS verification. This further reduces the chance that a fraudulent transaction can occur. There is an automatic chargeback liability shift to the issuing banks for personal cards after you initiate 3D Secure transaction.

RevenueProtect includes a Dynamic 3D Secure engine, which enables the establishment of rules that dictate whether a call for local payment methods goes through to 3D Secure or not. All transactions that are sent in with browserInfo go through this engine. If the rule determines that 3DS should be used, the Directory Lookup call is made. If the rules determine that 3DS should not be used, an authorization call occurs without 3D Secure. 

if no rules have been defined in the Dynamic 3D Secure engine, all transactions goes through a 3D Secure directory lookup call. This allows you to maintain a 3D Secure routing logic on your side by controlling when browserInfo is sent.

While the liability shift with 3D Secure is appealing, there is a significant risk to lowering your conversion rate during 3D Secure. Many customers are still not familiar with 3D Secure and may not successfully pass verification. Further, client-side technical errors may occur with the redirect.

In order to mitigate any effects on conversion, Adyen has developed a robust dynamic 3D Secure system where you can optimize which transactions they send to 3D Secure while letting most trusted transactions through without 3D Secure. 

This functionality is not enabled by default, as it requires additional configuration on Adyen's end. Contact the  Adyen Support Team to request enabling it for you.

Dynamic 3D Secure criteria

The following criteria can be used to configure dynamic 3D Secure rules. Different criterion can be combined to create nested rules. For example, you may decide to only use 3D Secure when the transaction is an issuing card from Mexico, with a risk score above, 70, and a transaction value above $100. 

Criteria

Description

Issuer country

The country that the card is issued out of.

Shopper Country

The country of the shopper, based on the IP address submitted with the payment.

Payment Method

The payment method type for the transaction (ex. Amex, Visa Platinum, etc.)

Device Type

You can indicate mobile vs. desktop transactions. The transaction must have device data submitted with it for this feature to work.  

Amount

This allows for the configuration of rules based on transaction value in multiple currencies. The rule will automatically convert currencies. For example, a 20 Euro rule would trigger on the equivalent amount in GBP automatically.

Risk Score

Allows the targeting of 3D Secure for only transactions that meet certain risk score thresholds.

Note: If a transaction's risk score is 100 or more, it is always rejected by RevenueProtect and, thus, will not use 3D Secure.

BIN and BIN Range

You can target sets of BINs or BIN Ranges to use 3D Secure only for transactions from certain issuing banks.

BIN Group This allows you to select a BIN Group from the predefined list of groups.

Risk 3DS Override

This controls 3DS on transactions for which specific risk checks are triggered. It applies only to FRAUD results and display active pre-auth checks

It is not available by default, contact Adyen Support Team to know if this is for you.


Configuring Dynamic 3D Secure rules

The Dynamic 3D Secure rules engine allows for the creation of unlimited stack-ranked rules, through which you can manage whether or not a 3D Secure enabled transactions goes through 3D Secure.

A few things to keep in mind about the rules Engine:

  • All rules are maintained at the merchant account level and effect transactions in that account.

  • Some generic rules may be system wide and thus trump rules in the Dynamic 3DS Engine, such as the mandate that all Maestro payments use 3D Secure.

  • Rules trigger from first to last - if any rule triggers, it follows the configured option for that rule to either use or not to use 3D Secure.

  • If no rules trigger, the 3D Secure enabled transaction uses 3D Secure.

A few tips on creating rules:

  • Wherever possible, create several simple rules as opposed to combining many logic points into a single rule.

  • The sub-components of the rules always comprise an AND statement. If you want to use OR statements, you need to create a new rule.

  • The default option that you choose (to use or not to use 3D Secure) should always be the last option. This way the system first checks the all the previous rule that you may have created and then goes on to the default rule.

Rule configuration Examples

Scenario 1:

You experiencing significant fraud in transactions above $200 in the U.S. and €250 in Germany. You decide to focus on high-risk transactions in these regions but not use 3D Secure for other trustworthy transactions.

Rules you should set up:

  1. ALWAYS use 3D Secure when transaction >= $200 AND risk score >50 AND issuing country = United States

  2. ALWAYS use 3D Secure when transaction >= €250 AND risk score >50 AND issuing country = Germany

  3. NEVER use 3D Secure

The use of a NEVER rule should always be the last rule. This rule catches any scenarios that don’t match rule 1 and 2 and not use 3D Secure.

Scenario 2: 

You are planning expanding your business in the United States. You have previously used 3D Secure in the U.K. where conversion rates are high and want to avoid using 3D Secure in the United States. All your traffic is from U.K. and U.S.

Rules you should set up:

  1. NEVER use 3D Secure when issuing country = United States

Only a NEVER rule is needed since the default action is for transactions to use 3D Secure. With this setup all U.K. transactions would use 3D Secure. If you want to be more explicit, you can create an ALWAYS rule for U.K.

Questions

Can't find something you are looking for? Look at our FAQ for answers or send an email to support.