In a regular 3D Secure 2 flow, the payment has to be authenticated by the issuer before it can be authorized. In a data-only flow, you use the same 3D Secure 2 infrastructure, but only to share shopper data with Visa or Mastercard directly. The card schemes then handle the risk evaluation and the authentication with the issuer. The data-only flow is particularly useful outside PSD2 SCA regulated markets.
Requirements
| Requirement | Description |
|---|---|
| Integration type | A 3D Secure 2 integration for Web, Android or iOS. We recommend a native 3D Secure 2 integration. |
| Limitations | The data-only flow is available for Visa and Mastercard outside PSD2 SCA regulated markets. |
| Setup steps | To use the Authentication Engine for the data-only flow, make sure that you:
To use the data-only flow without the Authentication Engine, make sure that you:
|
How it works
When you send a data-only request, Adyen sends it directly to Visa or Mastercard. The card schemes then handle the authentication request with the issuer, and include their risk evaluation in the authorization message. The issuer uses the risk evaluation data to improve their decision when authorizing a payment.
Because this flow only shares data, shoppers will not be presented with a 3D Secure 2 challenge. This also means that there is no liability shift for the data-only flow.
Use the Authentication Engine
We recommend using our Authentication Engine to make optimal use of the data-only flow. The Authentication Engine is included when you set up your native or redirect 3D Secure 2 integration with Adyen. Based on issuer readiness and performance uplift, the engine can make the best decision on when to use the data-only flow.
Make a data-only payment request
When you use the native or redirect 3D Secure 2 integration for Web, iOS or Android, the Authentication Engine will decide if the data-only flow is triggered. No further action is required on your side.
To optimize the engine and to help the card schemes and the issuers make better risk assessments, collect and submit as many of the following recommended fields as possible in your payment request:
- shopperIP
- paymentMethod.holderName
- shopperEmail
- billingAddress
shippingAddress(if available)threeDS2requestData.homePhone,threeDS2requestData.mobilePhoneorthreeDS2requestData.workPhone
The 3D Secure 2 API reference has more information about these fields.
If you want to force the data-only flow, or if you have built an API-only integration that uses our 3D Secure 2 component, make a POST /payments request containing the 3D Secure 2 fields and the following:
-
additionalData.threeDS2DataOnly: true. This forces the 3D Secure 2 data-only flow for all transactions where this flow is possible. -
For a better shopper experience, we recommend using specific 3D Secure 2 values. Depending on your integration:
- Checkout API v68 or earlier: include
allow3DS2: true. - Checkout API v69 or later: include
nativeThreeDS: preferred.
- Checkout API v68 or earlier: include
Check the resultCode included in the /payments response. If the resultCode is Authorised, inform the shopper that the payment was successful.
Test the data-only flow
Use the test card below to try the 3D Secure 2 data-only flow. Testing is only available for Mastercard.
| Card Type | Card Number | Expiry Date | CVC/CVV |
|---|---|---|---|
| Mastercard | 5201 2818 2278 3116 | 03/2030 | 737 |