3-D Secure adds another level of protection to both merchants and cardholders. With the service enabled, chances of fraud is reduced significantly as each transaction is authenticated with a second factor authentication provided by the card issuing bank (OTP or SMS token).
3-D Secure is mandatory for certain business types. Our fraud analysts will determine whether it is necessary to enable the service on your account based on your business’s risk profile.
3-D Secure is advantageous for merchants offering the following services:
- Travel website
- Game money, digital money, prepaid cards
- Digital goods such as music, movies and software
- Rental services or sales of high-priced products
- Any online content where fraud and chargebacks occur frequently
When to consider enabling 3-D Secure?
- Business has lost many chargebacks and is unable to provide proof of delivery
- Experienced many cases of fraud
- Business does not require recurring payment, and would like to have more protection against fraud
The only disadvantage of enabling 3-D Secure is that cardholders will be redirected to a bank page for every purchase. Thus, merchants will not be able to do automatic/recurring payments. However, the Customer API can be used so that cardholders do not have to re-enter their card details in every time. All they’ve got to do is authenticate with 3-D Secure whenever payment is made.
Learn more on how to implement 3-D Secure.
You can easily identify charges that are blocked by our fraud system on the dashboard, the status will be marked **failed fraud check** .
3D Secure 2
3D Secure 2 (3DS2) is the updated version of 3D Secure 1 (3DS1). 3DS1 was obsoleted in Oct 2022 and you (merchant) must use 3DS2 for card transactions.
What are the features of 3DS2?
3D Secure 2 (3DS2) features frictionless authentication (See How does 3DS2 work for an explanation) and mobile in-app flows to authenticate transactions using innovative enhancements such as fingerprints and facial recognition.
How does 3DS2 work?
3DS2 analyzes a vast number of data points, and serves as an advanced layer of fraud protection. The cardholder enters their card details at checkout. At this point, your 3DS service provider sends an authentication request with the data to the cardholder’s bank. This data includes cardholder and device information such as, device ID, MAC address, geo-location, and previous transactions.
The bank’s 3DS service provider assesses the transaction risk and the transaction then proceeds in one of two ways:
If the data is enough for the bank to trust that the real cardholder is making the purchase, the transaction goes through the frictionless flow and the authentication is completed without any additional input from the cardholder. In this case, the cardholder will not receive any OTP to authorize the transaction.
Note: With frictionless flow, you still benefit from the same liability shift exactly as you do for transactions that pass through the challenge flow. The bank accepts liability in case of payment disputes.
If the bank decides it needs further proof, the system challenges the cardholder to verify their identity using measures such as a OTP, facial recognition, or a fingerprint, to authenticate payment.
The following diagram illustrates the 3DS2 flow: