3D Secure 2 Best Practices and Acceptance Guidelines
3D Secure 2 helps prevent fraudulent transactions and is required within Europe and the UK. As the ecommerce industry expands globally, trade between merchants and customers is increasingly crossing regional borders, and 3D Secure 2 adoption rates are rising.
When implementing 3D Secure it is important to try and optimize your integration and increase successful customer authentications. We have produced a set of best practice guidelines to help improve your 3D Secure acceptance rates, allowing you to benefit as much as possible from the implementation.
3D Secure Challenge Flow and Transaction Abandonment
User experience plays an important role in the success of 3D Secure customer authentication. As part of the 3D Secure process, customers may be asked to authenticate with their issuing bank through an externally hosted page (ACS URL). This authentication flow is often referred to as the 3D Secure ‘Challenge’.
Example of a bank authentication window shown to customers during the authentication process:
Unfortunately, you have limited control over the external 3D Secure page, and this additional authentication step can often be confusing to customers, particularly those who are using 3D Secure with their bank for the first time. Consequently, the 3D Secure challenge flow may result in transaction abandonment.
Best Practice Recommendations
To improve conversion rates and decrease transaction abandonment, we recommend that you improve the customer journey as much as possible by following these best practice guidelines:
- Provide guides and helpful information on your checkout page to help customers successfully complete their transactions.
This will also improve revenue and customer satisfaction as well as reducing customer support requests. - Where possible, embed the 3D secure challenge window within your checkout page so that customers stay on your page throughout the entire checkout process, interacting with their bank's 3D Secure window within a modal.
We have found that embedding the 3D Secure challenge window within a checkout page reduces the potential for customers to become confused and disoriented with the behavior of their browser or mobile device. - Request 3D Secure exemptions advantageously in order to skip the 3D Secure authentication process and provide a more frictionless customer journey.
Note that when you request 3D Secure exemptions, the liability shift will fall on you, so you should only request exemptions for transactions that are the lowest risk to your business. - Be aware of your current 3D Secure authentication performance to understand what is affecting your success rate (see below).
Authentication Performance and 3D Secure Results
When authenticating with 3D Secure, you receive a result flag threeDResult in the response message, indicating the outcome of the authentication - see 3D Secure 2 Results and Liability Shift for more information.
By monitoring the outcome of 3D Secure authentications, you can gain an understanding of your 3D Secure authentication acceptance rate. Successful scenarios occur when threeDResult = ‘Y’ or ‘A’.
Unsuccessful scenarios occur for various reasons:
| threeDResult | Reason |
|---|---|
N
| You receive this code when the customer or issuing bank has returned a failed response. This is a genuine decline reason and can only be remedied by the customer either retrying the 3D Secure authentication or using a different card. Depending on your customer behavior and the region you operate in, this result code should not make up a high percentage of your 3D Secure transactions. If a larger than usual proportion of your traffic is receiving this result code, contact Technical Support for assistance. |
U | You receive this code when 3D Secure authentication is unavailable. In this scenario, there is either a problem with the issuing bank not supporting 3D Secure, the issuing bank is unreachable (network downtime), or there is an issue with your 3D Secure configuration. If there is an issue with your 3D Secure configuration, you will probably see traffic failing for all of the separate card brands you have configured (Visa/MC/Amex etc). As this result code is likely due to a temporary issue, you can ask the customer to try again now or later, or alternatively use a different card. If a larger than usual proportion of your traffic is continuously receiving this result code, contact Technical Support for assistance. |
R | You receive this code when 3D Secure authentication is being rejected by the issuing bank. This is a genuine decline reason and can only be remedied by either the customer retrying the 3D Secure authentication or using a different card. Depending on your customer behavior and the region you operate in, this result code should not make up a high percentage of your 3D Secure transactions. If a larger than usual proportion of your traffic is receiving this result code, contact Technical Support for assistance. |
C | You receive this code when the 3D Secure authentication was incomplete or abandoned. In this scenario, the customer was challenged by the issuing bank and did not complete the authentication, either because they abandoned the browser /mobile session, or there was an issue with the integration such as the 3D Secure ACS window not displaying. This result code can sometimes occur due to improper handling of the 3D Secure integration that is not in line with best practices. If you see a disproportionally high number of these results, review your integration and documentation. Alternatively, contact Technical Support for assistance. |
Additional Information for Paysafe Payments API/Hosted Solutions Merchants
- If you are using one of our Hosted solutions (Paysafe Payments API/ Payment Handles), you might be experiencing higher 3D Secure abandonment rates. This is largely due to customers being redirected to Paysafe's payment page entirely, increasing the likelihood of customer confusion (as they are no longer on your website) and payment abandonment. In this scenario, we recommend that you implement your solution within an iFrame context on the webpage.
- You can find your 3D Secure authentication results under the Paysafe Client Portal.