Payment authentication can often lead to a poor customer experience due to multiple redirects and low authorization rates. However, 3D Secure takes authentication to the next level, creating a secure and seamless payment process for your customers.

3 Domain Secure (3DS) is a robust security protocol designed to support the safety of online payments, specifically to prevent fraudulent credit card use in card-not-present transactions. The 3 domains (acquirer, scheme, and issuer) interact with each other using a 3DS protocol where they exchange information and authenticate the transaction.

How it works?

The 3DS protocol adds verification steps during purchases, enhancing customer authentication and reducing the risk of fraud. The diagram below describes a payment process using 3DS:

Together, these components work collaboratively to create a robust authentication process that helps reduce the risk of fraud during online purchases. The 3DS protocol ensures a more secure and trustworthy environment for merchants and cardholders in the realm of e-commerce.

Eligibility for 3DS Protocol

For a payment to utilize the 3DS protocol, it must fulfill two conditions:

  1. Customer-Initiated Transaction (CIT): This signifies that the user is actively online when making the payment, distinguishing it from Merchant-Initiated transactions.
  2. Processed with Cards from Major Networks: Transactions need to be carried out using cards from recognized networks like CB, Visa, Mastercard, Maestro, and AMEX, among others.

This implies that payment methods other than cards or transactions initiated by the merchant, such as subscriptions or installments, will not have the 3DS protocol available.

MoneyHash 3D Secure Control Feature

The 3DS Control feature empowers merchants to regulate the enforcement of 3DS challenges in their customer's payment transactions. With this feature, merchants can decide whether to enforce or bypass the 3DS challenge, determining their preference in the Payment Intent Request.

Provider 3DS Availability

The application of the 3DS protocol depends on the providers. The provider processing the payment must have the 3DS protocol available to execute this security step.

Upon initiating a new Payment Intent Request, you'll specify whether to enforce or bypass the 3DS protocol by sending the threeds.enabled flag:

threeds.enabledDescription
trueTriggers the 3DS challenge during the transaction, fortifying security with an additional layer of authentication.
falseBypass the 3DS challenge, suitable for low-risk transactions or when a seamless checkout experience is preferred.

Notably, the threeds parameter is optional. If absent in the Payment Intent Request, the default recommended behavior by the payment provider will be applied. This ensures that merchants who do not explicitly set the parameter will still receive guidance from the payment provider regarding 3DS enforcement.

3DS Enabled Payment

To learn more about the 3DS control feature, refer to the 3DS Enabled Payment page.