{"title":"Enroll cards in 3D Secure","category":"default","creationDate":1776961628,"content":"<p>Making online payments within the European Economic Area (EEA) or the UK requires authenticating the cardholder before a transaction can proceed.<\/p>\n<p>Under Payment Services Directive 2 (PSD2) that regulates secure payments through Strong Customer Authentication (SCA), when the user makes a payment, they are required to provide two out of three factors:<\/p>\n<ul>\n<li>Knowledge: something only the user knows.<\/li>\n<li>Possession: something only the user possesses.<\/li>\n<li>Inherence: something the user is.<\/li>\n<\/ul>\n<p>To comply with the regulations, Adyen uses 3D Secure to do two-factor authentication (2FA).<\/p>\n<p>If the following two statements are true, then you must enroll your card in 3D Secure to direct the transactions for authentication with Adyen.<\/p>\n<ol>\n<li>You are issuing cards within the EEA or the UK.<\/li>\n<li>The cards that you issue can be used for online payments within the EEA or the UK.<\/li>\n<\/ol>\n<h2>Requirements<\/h2>\n<table>\n<thead>\n<tr>\n<th style=\"text-align: left;\">Requirement<\/th>\n<th style=\"text-align: left;\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"text-align: left;\"><strong>Integration type<\/strong><\/td>\n<td style=\"text-align: left;\"><a href=\"\/pt\/issuing\">Issuing<\/a><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><strong>API credential roles<\/strong><\/td>\n<td style=\"text-align: left;\">To enroll cards in 3D Secure, make sure your API credential has the <strong>Bank SCA Webservice Role<\/strong>. For more information, refer to <a href=\"\/pt\/issuing\/manage-access\/webservice-roles\">Roles for API credentials<\/a>.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Enroll your cards in 3D Secure<\/h2>\n<p>There are two ways to enroll your Adyen-issued cards in 3D Secure:<\/p>\n<ol>\n<li><strong>One-time password authentication<\/strong>: <a href=\"\/pt\/issuing\/3d-secure\/password-otp\">add the cardholder's mobile phone number and a password<\/a> when issuing cards. Once successfully enrolled, the cardholder will be prompted to provide their password and one-time password (OTP) sent to their phone number when they make an online payment.<\/li>\n<li><strong>Out-of-band authentication<\/strong>: <a href=\"\/pt\/issuing\/3d-secure\/oob-auth-sdk\">register the cardholder's device for subsequent authentication attempts<\/a>. With the out-of-band (OOB) authentication flow, you can direct the transaction authentication requests to your secure application on an eligible device. Once successfully enrolled, the cardholder will be prompted to complete the authentication in the application using a passcode or biometrics.<\/li>\n<\/ol>\n<h2 id=\"payments-without-authentication\">Payments that do not trigger 3D Secure<\/h2>\n<p>Not all online payments made within the EEA and the UK trigger 3D Secure authentication. This is because some online payments are out of scope or exempted from PSD2 SCA. For these payments, Adyen doesn't require the cardholder to provide an OTP and password or perform out-of-band authentication. The payment proceeds to <a href=\"\/pt\/issuing\/authorisation\">authorisation<\/a>.<\/p>\n<p>Reach out to your Adyen contact to check if any of the following exemptions apply to your use case.<\/p>\n<h3>Out-of-scope transactions<\/h3>\n<p>The following transactions are not within the scope of PSD2, therefore they do not require SCA.<\/p>\n<ul>\n<li>Transactions from cards issued outside of the EEA and the UK.<\/li>\n<li>Transactions with the acquirer based outside the EEA and the UK.<\/li>\n<li>Merchant-initiated transactions (MIT), used for recurring and subscription transactions. This does not apply to the initial transaction where the merchants set up the recurring or subscription contracts.<\/li>\n<li>Mail Order\/Telephone Order (MOTO) transactions.<\/li>\n<\/ul>\n<h3>Exempted transactions<\/h3>\n<p>If a payment is within the scope of PSD2 regulations, it can still be exempted from SCA. Exemptions can be applied by Adyen or requested by the acquirer. SCA is not required if a transaction is considered to be:<\/p>\n<ul>\n<li>Low value: This exemption applies if a transaction is less than EUR&nbsp;30. When the sum of consecutive transactions exceed EUR&nbsp;100, Adyen requires SCA.<\/li>\n<li>Secure corporate payment: Transaction from virtual cards.<\/li>\n<li>Low risk based on Transaction Risk Analysis (TRA): Adyen makes a risk-based decision on whether to perform authentication based on PSD2 regulations.<\/li>\n<\/ul>","url":"https:\/\/docs.adyen.com\/pt\/issuing\/3d-secure","articleFields":{"description":"Learn how to enroll cards in 3D Secure to authenticate the cardholder during online transactions.","feedback_component":true,"next_steps_description":"Before your users can start making payments with the newly issued card, you will have to choose how to authenticate them.","next_steps":[{"title":"One-time password authentication","description":"Add the cardholder's mobile phone number and a password to support 3D Secure.","url":"\/issuing\/3d-secure\/password-otp","required":true},{"title":"Out-of-band authentication","description":"Implement our SDK for out-of-band (OOB) authentication.","url":"\/issuing\/3d-secure\/oob-auth-sdk","required":true},{"title":"Troubleshooting","description":"Understand failed, out-of-scope, and exempted transactions.","url":"\/issuing\/3d-secure\/troubleshooting","required":false}],"parameters":{"directoryPath":"\/issuing"}},"algolia":{"url":"https:\/\/docs.adyen.com\/pt\/issuing\/3d-secure","title":"Enroll cards in 3D Secure","content":"Making online payments within the European Economic Area (EEA) or the UK requires authenticating the cardholder before a transaction can proceed.\nUnder Payment Services Directive 2 (PSD2) that regulates secure payments through Strong Customer Authentication (SCA), when the user makes a payment, they are required to provide two out of three factors:\n\nKnowledge: something only the user knows.\nPossession: something only the user possesses.\nInherence: something the user is.\n\nTo comply with the regulations, Adyen uses 3D Secure to do two-factor authentication (2FA).\nIf the following two statements are true, then you must enroll your card in 3D Secure to direct the transactions for authentication with Adyen.\n\nYou are issuing cards within the EEA or the UK.\nThe cards that you issue can be used for online payments within the EEA or the UK.\n\nRequirements\n\n\n\nRequirement\nDescription\n\n\n\n\nIntegration type\nIssuing\n\n\nAPI credential roles\nTo enroll cards in 3D Secure, make sure your API credential has the Bank SCA Webservice Role. For more information, refer to Roles for API credentials.\n\n\n\nEnroll your cards in 3D Secure\nThere are two ways to enroll your Adyen-issued cards in 3D Secure:\n\nOne-time password authentication: add the cardholder's mobile phone number and a password when issuing cards. Once successfully enrolled, the cardholder will be prompted to provide their password and one-time password (OTP) sent to their phone number when they make an online payment.\nOut-of-band authentication: register the cardholder's device for subsequent authentication attempts. With the out-of-band (OOB) authentication flow, you can direct the transaction authentication requests to your secure application on an eligible device. Once successfully enrolled, the cardholder will be prompted to complete the authentication in the application using a passcode or biometrics.\n\nPayments that do not trigger 3D Secure\nNot all online payments made within the EEA and the UK trigger 3D Secure authentication. This is because some online payments are out of scope or exempted from PSD2 SCA. For these payments, Adyen doesn't require the cardholder to provide an OTP and password or perform out-of-band authentication. The payment proceeds to authorisation.\nReach out to your Adyen contact to check if any of the following exemptions apply to your use case.\nOut-of-scope transactions\nThe following transactions are not within the scope of PSD2, therefore they do not require SCA.\n\nTransactions from cards issued outside of the EEA and the UK.\nTransactions with the acquirer based outside the EEA and the UK.\nMerchant-initiated transactions (MIT), used for recurring and subscription transactions. This does not apply to the initial transaction where the merchants set up the recurring or subscription contracts.\nMail Order\/Telephone Order (MOTO) transactions.\n\nExempted transactions\nIf a payment is within the scope of PSD2 regulations, it can still be exempted from SCA. Exemptions can be applied by Adyen or requested by the acquirer. SCA is not required if a transaction is considered to be:\n\nLow value: This exemption applies if a transaction is less than EUR&nbsp;30. When the sum of consecutive transactions exceed EUR&nbsp;100, Adyen requires SCA.\nSecure corporate payment: Transaction from virtual cards.\nLow risk based on Transaction Risk Analysis (TRA): Adyen makes a risk-based decision on whether to perform authentication based on PSD2 regulations.\n","type":"page","locale":"pt","boost":18,"hierarchy":{"lvl0":"Home","lvl1":"Adyen Issuing","lvl2":"Enroll cards in 3D Secure"},"hierarchy_url":{"lvl0":"https:\/\/docs.adyen.com\/pt","lvl1":"https:\/\/docs.adyen.com\/pt\/issuing","lvl2":"\/pt\/issuing\/3d-secure"},"levels":3,"category":"Issuing","category_color":"green","tags":["Enroll","cards","Secure"]}}