What is EMV 3-D Secure?

EMV 3-D Secure is a form of Strong Customer Authentication (SCA) designed to reduce fraud and chargebacks during e-commerce transactions. It allows card issuers to provide an extra level of protection, by authenticating cardholders at the point of sale (e.g. with a secret password or biometrics) if the payment is deemed high risk. Exemptions apply for MOTO (Mail or Telephone Order) transactions and/or MIT (Merchant Initiated Transactions), for which 3-D Secure cannot be performed, with the exception of the setting up of the initial mandate, where Strong Customer Authentication (SCA) is required. In the event of a dispute with the transaction at a later date, the card issuer will take financial responsibility for the chargeback in most instances.

  Compliance with Revised Directive on Payment Services (PSD2)

The Revised Directive on Payment Services (PSD2) mandates that a form of Strong Customer Authentication (SCA) is performed on all transactions initiated by the customer through their browser. You will need to utilise 3-D Secure to comply with PSD2.

 

Process overview

The following diagrams show standard e-commerce transactions using 3-D Secure:

When payment is deemed low-risk

Frictionless payment allows for a streamlined checkout experience

3ds-def-01.png

  1. The customer enters their card details on your checkout and clicks on the “Pay” button.
  2. Data regarding the payment session and customer’s device is shared with the card issuer. The customer is deemed low-risk, so no action is needed on their part to verify their identity.
  3. Following these checks the payment will be processed. The checkout will then display a success message to the customer.

If the authentication fails, your checkout will display an error message and provide the customer an opportunity to re-attempt payment or provide an alternative card.

When payment is deemed high-risk

Customer will be challenged prior to completing the purchase

3ds-def-02.png

  1. The customer enters their card details on your checkout and clicks on the “Pay” button.
  2. Data regarding the payment session and customer’s device is shared with the card issuer. The customer is deemed high-risk, so their browser may display an overlay prompting them to complete some basic actions to authenticate their identity.
  3. Following any authentication steps required by the customer’s card issuer, the overlay will close automatically, and the payment will be processed. The checkout will then display a success message to the customer.

If the authentication fails, your checkout will display an error message and provide the customer an opportunity to re-attempt payment or provide an alternative card.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request