3D Secure - the most common questions

3D Secure 2 — The Most Common Questions

3d Secure FAQ

3D Secure 2.0 is the main online card payment authentication solution that will make you stay compliant with PSD2 requirements. If you’re still not sure how new requirements can impact your business or how to implement changes, here are the answers to the most frequently asked questions.

Do I have to add 3D Secure 2.0 to a payment process on my website?

Yes, if you accept online credit and debit card payments and your acquiring bank is located within the European Economic Area.

Please note that strong customer authentication (SCA) is part of the PSD2 — the regulation that comes into effect on 14 September 2019. The 3D Secure 2 will make you stay compliant with the directive as it is considered the main method of authenticating online card payments.

This is why we strongly recommend enabling our non-invasive 3D Secure in order to stay compliant with new regulations. If you still don’t have 3DS enabled, please contact our support team.

What are the differences between 3DS 1.0 and 2.0?

The main differences are:

  • stronger authentication — static passwords will be replaced with tokens and biometric
  • enhanced customer experience
  • better conversion thanks to reducing friction in the transaction process
  • support for mobile clients.

For more details on the differences read one of our past blog posts: 3D Secure 2.0 specifications in a nutshell.

What may happen if I don’t use 3D Secure authentication?

Please stay aware that not using 3D Secure may cause severe consequences after September 14 when PSD2 comes into force. Here’s what you may face when the 3DS is not built into the checkout flow:

  • transaction declines
  • a massive drop in conversion
  • checkout friction and poor customer experience
  • increased risk of cart abandonment.

How does SecurionPay support 3DS2?

If you have the non-invasive 3D Secure enabled, you can stay assured that your business is ready for new requirements. As our customized 3DS was designed with the highest security level and the customer experience in mind (which is similar to 3DS2), you will smoothly transit to 3D Secure 2 without any extra action on your part. We’ve got your back, so you may focus on your core business.

If any action is required, you will be notified immediately.

What should I do to activate 3D Secure 2?

If you have the non-invasive 3D Secure in place, you are ready for the 3DS2 version. No extra action is required.

If you don’t have our non-invasive 3D Secure implemented, follow the instructions.

If you’re using SecurionPay Checkout, you need to implement the 3D Secure method into your Checkout Request object. Find out more details in the documentation (threeDSecure object).

To find the Custom form follow the documentation. When creating a charge, please set the threeDSecure object requireAttempt to true and requireSuccessfulLiabilityShiftForEnrolledCard to false.

Do I have to apply 3DS 2.0 if my customers are not from the EU?

If you accept card payments from customers outside Europe (there are no European cards) and the issuer or acquirer is not based in Europe, you don’t need to enable 3DS2.

Will 3DS2 affect user experience on my website?

Both the non-invasive 3D Secure and 3DS2 are designed to add a security layer and minimize the chargeback ratio without hindering conversion. Though keep in mind that the main goal of introducing SCA is increased fraud prevention.

Do I have to apply 3DS to all my recurring payments?

When it comes to recurring transactions with a fixed amount, only the initial one requires strong customer authentication. However, 3DS will be required for every new amount when the amount changes.

As most subscription-based payments are perceived as merchant initiated, they are out of the SCA scope, but it’s still up to the bank whether the transaction needs to be authenticated or not.

Are there any exemptions from 3DS2?

There are exemptions from SCA defined for different use cases. It can be based on the amount (transactions lower than €30), transaction type, level of risk, etc. Overall, it is the cardholder bank’s decision whether to accept an exemption.

If you have any further questions or need our help regarding 3D Secure 2.0, don’t hesitate to contact our support team. They are always happy to help!

The following two tabs change content below.

Sandra Wróbel-Konior

A well-established Content Marketing Specialist with a tech-savvy personality, experience in writing, and a passion for reading. Staying up to date with the latest technology and social media trends, in love with GIFs and craft chocolate.

Latest posts by Sandra Wróbel-Konior (see all)

The Biggest PSD2 and SCA Concerns. How They Can Impact Your Business

Building a Successful Subscription Business