DocumentationAPI Reference
Documentation

3D Secure

Suggest Edits

About

3D Secure is a technical standard created by Visa and MasterCard to further secure CNP (Card-holder Not Present) transactions over the Internet.

3D Secure protects the shopper's credit card against fraud when shopping online. Shoppers validate transactions made over the internet through use of an additional password during the online purchase journey.

3D Secure also creates a liability shift for the merchant, meaning that the merchant is no longer liable for certain 3D Secure-related chargebacks.

Payment Flow

688

Technical Considerations

  • Similar to other card payments, the shopper will enter the card details on the merchant's site. However, after clicking "buy" or "purchase", the shopper will be directed to a 3D Secure login/authentication page as indicated by Reach. Once that interaction has completed, the shopper will be redirected back to the merchant's "Return" URL. The flow in the API is identical to that of PayPal.
  • Although this is a card payment, authentication is required, thus an "Action" block containing a URL will be returned to the merchant, which must cause the shopper to be redirected. Once 3D Secure has completed, the shopper is directed to the merchant's "Return" URL. A notification of authorization will also be sent, and may arrive before or after the "Return" URL is fetched.
  • Fingerprint is required for this payment method.
  • This method is only available for Maestro and for local India processing.

FAQ

  • 3D Secure is available for only certain required products and regions.
  • Maestro is a debit card issued on the MasterCard network which requires 3D Secure authentication for all non-recurring transactions.
  • Local India credit card processing requires 3D Secure authentication.

Best Practices

  • For anyone in retail, we always recommend that you do not ship before capture is complete.

Testing

  • Testing is available through the Reach sandbox for the relevant products and markets.
    • For testing local India credit cards with 3DS in sandbox, the cardholder name needs to be specified as “PEND” to trigger the 3DS interaction.

Related Information

API icon

Please see our most recent API guide.

Updated over 4 years ago