Online-payment icon

3D Secure 2 authentication

Integrate 3D Secure 2 authentication.

3D Secure 2 is an authentication protocol that provides an additional layer of verification for card-not-present (CNP) transactions. We recommend that you use it to comply with authentication regulations for online payments such as PSD2 SCA that requires strong customer authentication to make online payments in the European Economic Area, and to use liability shift rules.

We support two options:

  • Native: The card issuer performs the authentication within your website or mobile app using passive, biometric, and two-factor authentication approaches. For more information, refer to 3D Secure 2 authentication flows.

  • Redirect: Shoppers are redirected to the card issuer's site to provide additional authentication data, for example a password or an SMS verification code. The redirection might lead to lower conversion rates due to technical errors during the redirection, or shoppers dropping out of the authentication process.

Implementation options

3D Secure 2 authentication flows

A transaction that qualifies for 3D Secure 2 can go through either a frictionless flow or a challenge flow, depending on the issuer's requirements.

Frictionless flow

In a frictionless flow, the acquirer, issuer, and card scheme exchange all necessary information in the background through passive authentication using the shopper's device fingerprint. The transaction is completed without further shopper interaction.

Challenge flow

In a challenge flow, the issuer requires additional shopper interaction, either through biometrics, two-factor authentication, or similar methods based on SCA authentication factors.

Other 3D Secure flows

You can also implement the following alternative 3D Secure flows:

See also