3D Secure 2

3D Secure 2 enables merchants and banks to share rich contextual cardholder data to quickly authenticate transactions behind the scenes without the additional consumer verification steps that typically cause friction during checkout (e.g. authentication redirects, remembering and entering static passwords). Merchants can now pass in over 100 fields during the authentication request that banks can then use to determine the risk level of the transaction. Using this enriched data transfer, the majority of low-risk transactions are able to be authenticated without requiring additional input from the consumer, leading to a safe, efficient, and frictionless checkout experience.

When 3D Secure 2 is used in conjunction with an authorization request through the Card Payments API—requiring the customer to authenticate the card used in the transaction—a major advantage to the merchant is that with disputed payments the financial liability can shift from the merchant to the card issuer. This means that in the event of a dispute or chargeback for fraud reasons (e.g., customer claims they did not make the transaction), the cardholder or in some cases the card issuer will be responsible for the amount authorized on the original transaction. The merchant will still receive the funds from the transaction, greatly reducing the risk of chargebacks.

There is no liability shift for non-fraud-related chargeback reasons, such as goods not delivered or defective goods.

API Implementation

The 3D Secure 2 API is used together with the Card Payments API:

  • Use the 3D Secure 2 API to request authentication.
  • Process the authorization with the Card Payments API.

3D Secure 2 Payment Integration Process

The payment integration process with 3D Secure 2 is as follows:

  1. A merchant uses the 3D Secure 2 API to collect the device fingerprint ID and authenticate the cardholder.
  2. The card issuer determines whether to challenge the cardholder or (if they have received enough contextual data) to complete the authentication.
  3. The Paysafe returns a response to the merchant. Depending on the result, the merchant either continues with the cardholder challenge or consults the Liability Shift matrix to determine whether to proceed with the Authorization request.
  4. After consulting the Liability Shift matrix, if the merchant decides to proceed, the merchant posts an authorization to Paysafe using the Card Payments API. The request contains the appropriate 3D Secure 2 Authentication results ( eci, cavv, threeDResult, threeDSecureVersion ...).
  5. Once an authorization has been obtained from the card issuer, the merchant can process a settlement (capture a payment), using the Card Payments API.

For more information, see the 3D Secure 2 section.

Did you find this page useful?