Page tree
Skip to end of metadata
Go to start of metadata


3-D Secure is a technology to increase safety for credit card payments on the Internet for both dealers as well as for customers.

Visa calls this procedure "Verified by Visa", MasterCard "MasterCard SecureCode" and American Express "Safekey".

To avoid card abuse, opens at payment process by credit card as well as payments with the debit card Maestro an input form in which the customer enters his personal security code. Since this code is known only to the card holder 3-D Secure ensures that it is the real card holder is involved ton the payment process. So by using 3-D Secure the risk of chargeback is reduced.

Payment Service Directive 2

The PSD2 provides that from 2019-09-14 all payment transactions must be processed with strong customer authentication as far as there are no exceptions.

  • SCA due to the use of at least two factors:
    • Knowledge (e. g. password, code, PIN)
    • Ownership (e. g. token, smartphone)
    • Inherence (e. g. fingerprint, voice recognition)

That means that all credit card transactions will have to be handled with 3-D Secure - which can be 3-D Secure 1 or 3-D Secure 2 (EMV 3-DS) on the issuer side.

If you have already 3-D Secure implemented in your systems the PAYONE platform will be able to handle both varying processes for you: 3-D Secure 1 or 3-D Secure 2.

Please be aware that credit card transactions may be declined by your acquirer or the issuer after 2019-09-14 if they are not processed with 3-D Secure at all.

3-D Secure 1

In the case of 3-D Secure, virtually every payment transaction must be authorized by the end customer if the end customer has registered for the 3-D Secure procedure and the card-issuing bank participates in the procedure. Therefore the customer is forwarded to a website of the card-issuing bank, where the 3-D Secure password must be entered.

The disadvantage of this method is that the customers often do not complete the authorization and thus have prematurely terminated the purchase process.

3-D Secure 2

3-D Secure 2 was introduced by the EMVCo and leading credit card companies to facilitate the customer's payment process by offering up-to-date authentication methods such as biometric procedures.

In addition, 3-D Secure 2 provides exceptions to bypassing this authentication if certain conditions are met. In this way, additional data, such as device data, can be transmitted and used to decide whether authentication by means of 3-D Secure is required. Transactions that are subject to higher risk or that have to comply with more stringent specifications (such as PSD2) can also be assigned to the authentication process.

For the simplest possible implementation, PAYONE provides a landing page, which determines the necessary device data of the browser and provides them to the ACS. As a result, no adjustments are required on the part of the dealer or the shop.

How to improve shopper experience

To achieve a better shopper experience and improve conversion rate by reducing input of 3-D secure credentials it's recommended to provide more data with each payment transaction - even if they are not mandatory yet, e.g.: 

This is relevant for these payment requests:

  • initiating payment reservation (preauthorization)
  • initiating payment process (authorization)
  • creating a contract (createaccess)
  • initiating payment process in the billing module (vauthorization)

The more data that is provided, the greater the possibility of exemption on the part of the acquirer or issuer to circumvent the input of the 3-D Secure credentials.

If you are using shop systems and our plugins your work is already done. Just ensure that 3-D Secure is enabled and that up-to-date plugin versions are used.

3-D Secure basic workflow with detection 3-D Secure 1 vs 3-D Secure 2

This sequence diagram shows the new workflow, which first asks whether 3-D Secure 2 is supported by the issuer. If not, then the 3-D Secure 1 workflow is triggered.

If 3-D Secure 2 is supported, device data from the browser will be determined and sent to the issuer along with the transaction data, which may agree to a frictionless process. In this case, the transaction is processed with 3-D Secure, without the customer having to enter his 3-D Secure credentials in a so-called "challenge".

3-D Secure 2 challenge workflow

If the issuer asks for a "challenge" - so the customer must be prompted to enter their 3-D Secure Credentials - a browser page is created that includes the issuer page for entering the 3-D Secure credentials.

We have made all technical adjustments for the integration of 3-D Secure 2 for you. If you have already secured your credit card payments using the 3-DS procedure, you can now benefit from these advantages without restriction: They are thus ideally positioned for the PSD2 and the challenges of the future.

Please contact us immediately if you do not yet use the 3-DS procedure: In this case, there is a risk of payment defaults from 14 September onwards.

Further options will follow for seamless integration into shop systems via browser and app.

Test data

3-D Secure works with redirects - so the URLs for redirect / processing need to be set:


  • No labels