Overview
- Payments
- Value Added Service
- Canada
- Europe & UK
- United States
3D Secure 2 provides seamless ways to authenticate customers, providing support for mobile applications and for biometric and token validation, and streamlining the checkout experience using “frictionless” authentication.
Paysafe Group is compliant to 3DS version 2.1.0.
3D Secure 2 Features
The following table provides a quick overview of 3D Secure 2 features.
| Features | 3DS2 |
|---|---|
| Browser support | • |
| Tablet and mobile support | • |
| Seamless app integration | • |
| Biometric and token authentication | • |
| Rich data transfer | • |
| Merchant opt-out flexibility | • |
| Non-payment user authentication (subscriptions) | • |
| Strong Customer Authentication (SCA) compliant | • |
| Fast checkout experience | • |
| No enrollment required | • |
What Is "Frictionless" Authentication?
3D Secure 2 enables merchants and banks to share rich contextual cardholder data to quickly authenticate transactions behind the scenes without the additional consumer verification steps that typically cause friction during checkout (e.g., authentication redirects and remembering and entering static passwords). Merchants can now pass in over 100 fields during the authentication request that banks can then use to determine the risk level of the transaction. Using this enriched data transfer, the majority of low-risk transactions can be authenticated without requiring additional input from the consumer, leading to a safe, efficient, and frictionless checkout experience.
Steps in 3D Secure 2 Cardholder Authentication
Once you have set up a Paysafe Group merchant account, you can connect to the Paysafe Group Payments Platform with our simple-to-use API. See our Scenarios section for a quick overview of integration options when using the API. Here is a summary of the process:
-
Once the cardholder enters the card details, the merchant initializes the Paysafe 3D Secure 2 JavaScript SDK by calling the start() method and includes the public (single-use token generating) API key and the card BIN.
-
The JavaScript SDK opens a device fingerprinting session with the Issuer's ACS.
This step is skipped if the Issuer does not support 3D Secure 2; in that case, the flow will fall back to 3DS 1.0.2.
-
The JavaScript SDK returns the deviceFingerprintingId to the merchant to use in the Authentication request.
-
The merchant submits an Authentication request and includes the required fields along with the deviceFingerprintingId returned in step 3.
-
Paysafe interprets the directory server response and returns a response to the merchant that contains the status and threeDResult* parameters along with the authenticationId. If status=COMPLETED, then the merchant should consult the Liability Shift matrix to determine whether to proceed with the Authorization request. If status=PENDING and threeDResult=C then the card issuer has challenged the cardholder and requires additional verification.
* If the bank does not support 3D Secure 2, the API will automatically fall back to 3DS 1.0.2 and the threeDEnrollment parameter will replace threeDResult. See Scenarios and the threeDEnrollment parameter for more details
-
The merchant stores the authenticationId and passes the sdkChallengePayload as a parameter in the challenge() method to the JavaScript SDK.
- The JavaScript SDK communicates with the issuer's ACS to handle the challenge.
-
Once the challenge is complete, the merchant receives a callback from the JavaScript SDK that includes confirmation of the completed challenge along with the authenticationId parameter.
-
The merchant performs a server-to-server lookup using the stored authenticationId to obtain the 3DS Authentication result fields. If status=COMPLETED, then the merchant should consult the Liability Shift matrix to determine whether to proceed with the Authorization request.
- The merchant uses the Card Payments API to submit a payment Authorization request, containing the above values along with the original card details.
- Assuming these details are passed to the Card Payments API correctly and the card is 3D Secure 2 authenticated, fraud liability is typically shifted from the merchant to the bank.
- Cardholder Authentication (3D Secure 2) is a recommended step that merchants should implement in regions where the 3D Secure scheme is prevalent, to reduce the risks of fraud and chargebacks.
- If the response to a 3D Secure authentication is unsuccessful, merchants should consider asking the customer to resubmit their payment or to pay using a different payment method. For more information see 3D Secure 2 Results and Liability Shift.