Skip to content

3D Secure

3D Secure (3DS) is an authentication protocol that adds an extra layer of security to online payments.

When a customer initiates a payment, 3DS requires them to complete an additional authentication step with their card issuer. This typically involves directing the customer to their bank’s website, where they enter a password or a code sent to their phone to verify the payment. This added layer of authentication helps protect your business from fraudulent transactions and ensures that payments are more secure.

3D Secure 2 (3DS2) is an updated and highly secure authentication protocol that is designed specifically to meet the Strong Customer Authentication (SCA) requirements for online payments.


With an additional layer of security added to card-not-present (CNP) transactions, 3DS2 offers:

  • Enhanced authentication accuracy
  • Reduces the risk of fraudulent transactions
  • A more secure and trustworthy payment experience for your customers, while also protecting your business from fraudulent transactions
  • Chargeback liability shift

Chargeback Liability Shift


If the 3DS authentication is successful (whether following the frictionless or challenge flow), the liability for the payment is passed to the bank, protecting you from fraudulent transactions.

When it comes to fraudulent chargebacks (for example, chargeback claim due to lost or stolen card), the responsibility typically shifts from the merchant to the card issuer once the payment is successfully authenticated with 3DS.

This means that if the payment was made with 3D Secure and the cardholder disputes the payment as fraudulent, you will not be liable for any losses. Instead, the card issuer will be responsible for refunding the cardholder and any associated fees.

3DS 2 Flows

3DS2 provides an enhanced user experience by embedding the authentication process seamlessly within your checkout flow, improving upon the original 3DS protocol.

During the payment process, 3DS2 allows the merchant and payment provider to send data elements, including the customer’s shipping address, device ID, and payment history, to the cardholder’s bank. This information is used to assess the risk level of the transaction, all of which takes place in the background, within your web or mobile checkout flow.

Based on this data, the customer’s bank will either immediately authenticate the payment, which is known as the frictionless flow, or request additional information before authenticating the payment, which is known as the challenge flow.

Frictionless flow

The frictionless flow occurs when the bank has enough information to trust that the payment is being made by the cardholder, allowing for the payment to be authenticated without disrupting the customer’s experience. On the other hand, if the bank needs more proof, the challenge flow will be initiated, and the customer will be prompted for additional information to authenticate their payment.

Challenge flow

During a challenge flow in the 3DS2 authentication process, the issuer requests additional interaction from the shopper, aimed at verifying their identity. This can involve the use of advanced authentication measures such as biometric authentication, two-factor authentication, or other Strong Customer Authentication (SCA) factors. Such additional steps are required when the issuer deems the transaction to carry a higher risk of fraud, necessitating more comprehensive authentication to safeguard the transaction’s safety and security.