3D Secure

3D Secure (3DS) is a method of authentication designed by the Card Associations (Visa and Mastercard) to reduce online payment fraud.

3D Secure protects merchants from chargebacks on fraudulent transactions. If 3DS is not used, then the liability shifts to the merchant in the event of a fraudulent transaction.

3DS 2.0 offers an enhanced “frictionless” user experience that can help to reduce customer cart abandonment. It replaces old password technology with enhanced authentication techniques. Ecentric is currently using version 3DS2.2.

Note:

Ecentric's Hosted solutions implement the 3DS authentication flows so that merchants do not need to. Only merchants using the API need to implement these flows for authenticated transactions.



How Does 3DS Work?

The 3DS protocol allows merchants, Card Associations, and the banks to share information in order to authenticate customer payments.

The process works as follows:



Step 1:

The customer places an order with the merchant and chooses to pay by card. The merchant sends the Payment Gateway (PG) a Secure3DLookup request.

Steps 2-4:

The PG will check if the customer’s card is enrolled for 3DS, then send the response back to the merchant.

Step 5:

If the card is enrolled for 3DS, the merchant will send an HTML form POST to the Gateway URL (which is contained in the Secure3DLookup response).

Step 6:

The PG will redirect the authentication request to the Access Control Server (ACS) of the customer's issuing bank.

Step 7:

The customer will be prompted to authenticate their identity with their issuing bank using a One-Time PIN (OTP) or an in-app authorization.

Steps 8-9:

The result of this authentication is then sent to the merchant.

Step 10:

If the authentication is successful, the merchant will send a payment request to the PG.

Step 11:

The PG will send the payment request to the merchant's acquiring bank.

Step 12:

If the payment request is successful, then funds will be transferred to the merchant's account.

Steps 13-14:

The payment response is sent from the acquirer to the PG, which will send the response back to the merchant. The merchant will then be able to provide payment confirmation to the customer.
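
One way a merchant's server could handle step 5, shown as an added example that is not Ecentric's code: it checks that the Gateway URL from the lookup response is HTTPS on an expected host before rendering the auto-submitting form, and HTML-escapes every value placed in the page. The dictionary keys `enrolled`, `gateway_url` and `form_fields` and the host `gateway.example` are assumptions, since this page does not list the Secure3DLookup response fields.

```python
import html
from urllib.parse import urlsplit

# Assumption: gateway hosts the merchant has agreed out of band (placeholder).
ALLOWED_GATEWAY_HOSTS = {"gateway.example"}


def validate_gateway_url(url, allowed_hosts=ALLOWED_GATEWAY_HOSTS):
    """Return the URL if it is HTTPS on an expected host, else raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("gateway URL must use https")
    if parts.username or parts.password:
        raise ValueError("gateway URL must not carry credentials")
    if (parts.hostname or "").lower() not in allowed_hosts:
        raise ValueError("unexpected gateway host")
    return url


def build_step5_form(lookup_response):
    """Render the auto-submitting form for step 5, or None if not enrolled."""
    if not lookup_response.get("enrolled"):
        return None  # step 5 only applies to cards enrolled for 3DS
    action = validate_gateway_url(lookup_response["gateway_url"])
    # Escape names and values so response data cannot break out of attributes.
    inputs = "\n".join(
        '  <input type="hidden" name="{}" value="{}">'.format(
            html.escape(name, quote=True), html.escape(str(value), quote=True))
        for name, value in lookup_response["form_fields"].items()
    )
    return (
        '<form id="threeds" method="POST" action="{}">\n{}\n</form>\n'
        '<script>document.getElementById("threeds").submit();</script>'
    ).format(html.escape(action, quote=True), inputs)


# Constructed sample lookup response; keys and values are placeholders.
SAMPLE_LOOKUP = {
    "enrolled": True,
    "gateway_url": "https://gateway.example/3ds/auth",
    "form_fields": {"payload": 'val"ue<1>', "order": "ORDER-1"},
}
```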