No momento, esta página não está disponível em português
Checkout icon

Data-only flow

Implement 3D Secure 2 to only share data with Visa or Mastercard instead of sending an authentication request.

In a regular 3D Secure 2 flow, the payment has to be authenticated by the issuer before it can be authorized. In a data-only flow, you use the same 3D Secure 2 infrastructure, but only to share shopper data with Visa or Mastercard directly. The card schemes then handle the risk evaluation and the authentication with the issuer. The data-only flow is particularly useful outside PSD2 SCA regulated markets.

Requirements

Requirement Description
Integration type A 3D Secure 2 integration for Web, Android or iOS. We recommend a native 3D Secure 2 integration.
Limitations The data-only flow is available for Visa and Mastercard outside PSD2 SCA regulated markets.
Setup steps To use the Authentication Engine for the data-only flow, make sure that you:
To use the data-only flow without the Authentication Engine, make sure that you:

How it works

When you send a data-only request, Adyen sends it directly to Visa or Mastercard. The card schemes then handle the authentication request with the issuer, and include their risk evaluation in the authorization message. The issuer uses the risk evaluation data to improve their decision when authorizing a payment.

Because this flow only shares data, shoppers will not be presented with a 3D Secure 2 challenge. This also means that there is no liability shift for the data-only flow.

Use the Authentication Engine

We recommend using our Authentication Engine to make optimal use of the data-only flow. The Authentication Engine is included when you set up your native or redirect 3D Secure 2 integration with Adyen. Based on issuer readiness and performance uplift, the engine can make the best decision on when to use the data-only flow.

Make a data-only payment request

When you use the native or redirect 3D Secure 2 integration for Web, iOS or Android, the Authentication Engine will decide if the data-only flow is triggered. No further action is required on your side.

To optimize the engine and to help the card schemes and the issuers make better risk assessments, collect and submit as many of the following recommended fields as possible in your payment request:

The 3D Secure 2 API reference has more information about these fields.

If you want to force the data-only flow, or if you have built an API-only integration that uses our 3D Secure 2 component, make a POST /payments request containing the 3D Secure 2 fields and the following:

  • additionalData.threeDS2DataOnly: true. This forces the 3D Secure 2 data-only flow for all transactions where this flow is possible.

  • For a better shopper experience, we recommend using specific 3D Secure 2 values. Depending on your integration:

    • Checkout API v68 or earlier: include allow3DS2: true.
    • Checkout API v69 or later: include nativeThreeDS: preferred.

Check the resultCode included in the /payments response. If the resultCode is Authorised, inform the shopper that the payment was successful.

Test the data-only flow

Use the test card below to try the 3D Secure 2 data-only flow. Testing is only available for Mastercard.

Card Type Card Number Expiry Date CVC/CVV
Mastercard 5201 2818 2278 3116 03/2030 737

See also