/authorise) integration. If you are integrating using our Checkout APIs, refer to the 3D Secure on Checkout API documentation instead.
3D Secure is an authentication protocol that provides an additional layer of verification for card-not-present (CNP) transactions. We recommend that you use 3D Secure to:
- Comply with authentication regulations for online payments, such as PSD2 SCA.
- Avail of the liability shift. When a transaction has been authenticated through 3D Secure, the liability for fraudulent chargebacks shifts from you to the issuing bank.
If you have an existing integration with Adyen, see the section on adding 3D Secure to your Adyen integration.
Understanding 3D Secure versions
3D Secure has two available versions:
- 3D Secure 2: New version expected to fully replace 3D Secure 1 by 2020/2021. Unlike the previous version where shoppers are redirected to another site, in 3D Secure 2 the card issuer performs the authentication within your app or payment form. The issuing bank may verify the shopper's identity using passive, biometric, and two-factor authentication approaches.
- 3D Secure 1: Before a payment is authenticated, shoppers are redirected to the card issuer's site to provide additional authentication data such as a password or an SMS verification code. The redirection introduced in 3D Secure 1 might lead to lower conversion rates due to technical errors during the redirection or due to shoppers dropping out of the authentication process.
Until card schemes fully decommission 3D Secure 1 by 2020/2021, we expect that some issuing banks will continue to support and require 3D Secure 1. This means that you should be able to handle both 3D Secure 1 and 3D Secure 2 authentication transactions on your checkout page.
Your 3D Secure implementation options
We provide the following options to support both 3D Secure versions with your API integration:
Redirect authentication: If you already have an existing integration with Adyen, this is the fastest way to support both 3D Secure 1 and 3D Secure 2. We will check which version the issuer supports and provide a redirect URL where your shopper can complete either the 3D Secure 1 or a 3D Secure 2 authentication.
Native 3DS2 + Redirect 3DS1: Use our 3D Secure 2 helper functions for Web and SDKs for iOS and Android to perform 3D Secure 2 authentication within your site or mobile app. Based on issuer performance, our Authentication Engine might also route the payment to the 3D Secure 1 flow. For 3D Secure 1 authentication, you should handle the redirect on your client-side implementation.
Click on the options below if you want to learn about the integration steps. If you have an existing integration with us and want to know how you can support 3D Secure 2, proceed to 3D Secure 2 with your existing Adyen integration.
Support both 3D Secure 1 and 3D Secure 2 authentication through a redirect. This is the quickest way to start supporting both versions for PSDS2 SCA compliance.
Native 3DS2 + Redirect 3DS1
Support 3D Secure 2 natively and 3D Secure 1 through a redirect. This provides a better shopper experience and is a future-proof way for authenticating payments.
Implementing 3D Secure 2 with your existing Adyen integration
If you have an existing integration with us with a 3D Secure 1 implementation, you can already support 3D Secure 2. Similar to a 3D Secure 1 flow, you will need to redirect the shopper to the URL returned in the API response. If a transaction requires 3D Secure 2 authentication, we will provide a redirect URL which will take your shopper to our hosted page to complete the 3D Secure 2 authentication flow.
In the table below we discuss in detail how we will handle 3D Secure 2 across different integrations, and what you can do to improve the shopper experience should you choose to implement native 3D Secure 2 authentication.
|Your existing Adyen integration||What you need to do to support 3D Secure 2|
|Online payments API, with existing 3D Secure 1 integration.||Do nothing. 3D Secure 2 will be supported through a redirect.
However, if you want a better shopper experience, add 3D Secure 2 Components or use Drop-in on your client-side implementation.
|Quick integration Checkout SDKs|| Do nothing. 3D Secure 2 will be supported in Web, iOS, and Android SDKs through a redirect.|
However, if you want a better shopper experience with native 3D Secure 2 authentication, switch to our Web, iOS, and Android Drop-in solution available from versions 3.0.0 and later.
If you want to continue using the mobile SDKs, you can upgrade to the following versions which support 3D Secure 2:
|Plugins for Magento 1 and 2, PrestaShop, SFCC, or SAP Commerce (Hybris)||Upgrade to the following plugin versions to support native 3D Secure 2 authentication:|
|Hosted Payment Pages (HPP)||Do nothing. 3D Secure 2 will be supported through a redirect.|
However, we strongly recommend to move your implementation to our online payments API with the 3D Secure 2 Component for a better user experience.
|Classic integration or CSE, with existing 3D Secure 1 integration.||Do nothing. 3D Secure 2 will be supported through a redirect.
However, if you want a better shopper experience with native 3D Secure 2 authentication, use our helper functions for web and the Classic integration 3D Secure 2 SDKs for mobile.
|Online payments API, without a 3D Secure 1 integration.||Integrate 3D Secure redirect authentication to support both versions of 3D Secure or a combination of 3D Secure 2 native authentication and a 3D Secure 1 fallback.|
|Classic integration or CSE, without a 3D Secure 1 integration.||Integrate 3D Secure classic API redirect authentication to support both versions of 3D Secure or a combination of 3D Secure 2 native authentication and a 3D Secure 1 fallback.|
For guidelines on using 3D Secure with your current business model, see PSD2 SCA compliance and implementation guide.