3D Secure Sales Authentication

ConnexPay now offers a direct integration to 3D Secure authentication for acquirers in Europe. US acquirers will be able to use this 3DS integration beginning in mid-2023.

3D Secure is an advanced method of performing Strong Customer Authentication (SCA) in card-not-present transactions. Using 3D Secure will help protect merchants from fraud chargeback disputes by shifting the liability for any transactions authenticated through 3D Secure from the merchant to the card issuer/bank, subject to specific card network rules.

3D Secure 2.0 improves upon the original 3D Secure process by enabling issuers to better assess the authenticity of a transaction based on the information included in the transaction itself. This increases the chances of the transaction being frictionless for the customer and lowers the rate of transaction abandonment.

As a rule, SCA (Strong Customer Authentication) is mandatory for any electronic payment when both acquirer and issuer are in the EU. However, some business cases do not require SCA and in some cases a transaction can qualify as exempt, depending on the business model and the transaction’s characteristics.

Our platform uses an advisory engine to simplify the decision of whether a transaction must be routed for 3D Secure authentication. It works automatically to advise on regulatory requirements and conversion rate impacts. The recommendation engine will request SCA exemptions if they are determined to be relevant.

For more information about the 3D Secure parameters required for 3DS authentication, see the Create Sale or Auth Only API endpoints.

3D Secure Authentication Process Flows

There are 4 possible process flows for 3D Secure transactions.

  1. Frictionless: no additional data is required for 3D authentication.
  2. Device Fingerprint assessment: this process is frictionless to the cardholder since the information is transferred electronically without the cardholder experiencing any change in the flow. To successfully complete the device fingerprint, the webpage being used for payment must be configured to use an embedded iFrame. The iFrame is needed to complete the required redirection to the issuer's site. Use the redirectUrl and redirectUrlRequetPayload provided in the response to complete authentication. The response must occur within 10 seconds.
  3. Cardholder Challenge: Cardholder is prompted with an authentication screen that must be completed for authentication to occur. To successfully complete the challenge, the webpage being used for payment must be configured to use an embedded iFrame. This will be used to complete the required redirection to the issuer's site. Use the redirectUrl provided in the response to initiate the cardholder challenge.
  4. Cardholder Challenge + Fingerprint Assessment: requires full authentication of both a Device Fingerprint assessment and a Cardholder Challenge.

If a 3D Secure Device Fingerprint, 3D Secure Cardholder Challenge or 3D Secure Device Fingerprint + Cardholder Challenge is required, acquiring merchants should monitor the callback UI response until 3DS is marked as complete. Once complete, the GET 3DS Status route must be called, and a combination of the payload responses returned is used to call the Create Sale or Auth Only endpoint again to complete the transaction.

The new route to GET 3DS status once SCA is complete, as well as next steps and parameters needed for US and EU Acquirers, is located here: https://docs.connexpay.com/reference/get-3ds-status-group
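The following is an added example, not ConnexPay code: a client-side guard that decides which of the flows above a response calls for, refuses to load a redirectUrl into the iFrame unless it is plain HTTPS, and tracks the 10 second fingerprint window. Only redirectUrl and redirectUrlRequetPayload are taken from this page; the function names, the step labels and the rule that a missing redirectUrl means frictionless are assumptions, and a Challenge + Fingerprint flow is handled one response at a time.

```javascript
// Added example. Only redirectUrl and redirectUrlRequetPayload come from the page;
// every other name here is hypothetical.
const FINGERPRINT_WINDOW_MS = 10000; // page: the response must occur within 10 seconds

// Refuse to load anything into the iFrame that is not a plain HTTPS URL.
function checkRedirectUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch (err) {
    return { ok: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: "scheme is not https" };
  if (url.username || url.password) return { ok: false, reason: "credentials in URL" };
  return { ok: true, origin: url.origin };
}

// Decide the next client-side step from a Create Sale / Auth Only response.
// Assumption: absence of redirectUrl means the frictionless flow.
function planNextStep(response) {
  const redirectUrl = response.redirectUrl;
  const payload = response.redirectUrlRequetPayload;
  if (redirectUrl === undefined || redirectUrl === null || redirectUrl === "") {
    return { step: "frictionless" };
  }
  const check = checkRedirectUrl(redirectUrl);
  if (!check.ok) return { step: "reject", reason: check.reason };
  if (payload) {
    // Device fingerprint: payload is sent to redirectUrl inside the iFrame.
    return { step: "fingerprint", origin: check.origin, payload, deadlineMs: FINGERPRINT_WINDOW_MS };
  }
  // Cardholder challenge: redirectUrl alone opens the issuer's screen.
  return { step: "challenge", origin: check.origin };
}

// True once the fingerprint exchange has outlived the 10 second window.
function fingerprintExpired(startedAtMs, nowMs) {
  return nowMs - startedAtMs > FINGERPRINT_WINDOW_MS;
}

// Constructed sample responses (not real API output).
const samples = [
  {},
  { redirectUrl: "https://acs.issuer.example/fp", redirectUrlRequetPayload: "constructed-payload" },
  { redirectUrl: "https://acs.issuer.example/challenge" },
  { redirectUrl: "http://acs.issuer.example/fp" },
];
for (const s of samples) console.log(planNextStep(s).step);
```

The origin returned for the fingerprint and challenge steps can be recorded alongside the transaction so that later callback handling is tied to the same issuer site.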
