3D Secure
1. What is 3D Secure?
3D Secure is a protocol designed to help reduce fraud by allowing card-issuing banks to authenticate their cardholders whilst shopping online. Most card schemes support 3D Secure with their own branded authentication protocols – for example, Visa uses Verified by Visa, MasterCard’s protocol is called Identity Check, etc.
Due to PSD2 (Payment Services Directive) regulations the use of 3D Secure will become mandatory for all ecommerce transactions in 2021, with some exemptions. As part of these mandates, a new version of 3D Secure will be introduced (Version 2) and new authentication protocols will exist as part of SCA (Strong Customer Authentication), whereby cardholders may be required to use multiple data points to authenticate themselves with their card issuer.
2. 3D Secure Ratings
You can check the outcome of the 3D Secure step in your ePDQ account via the Operations > View Transactions reports. The result of the 3D Secure check shows in the Ratings column.
- A Green Tick in the Ratings column indicates the transaction was reported as Fully Authenticated by the customers’ card issuing bank.
- A Blue Tick in the Ratings column indicates that Authentication was Attempted. This does not indicate a problem with 3D Secure, or with the transaction itself.
- A yellow triangle with an exclamation mark indicates that Authentication Failed, typically because the cardholder failed the authentication check with their issuing bank
In order to determine the liability shift associated with a given outcome (i.e. the degree of protection you will receive in the event of a chargeback where 3DS protection applies) please refer to our Merchant Procedure Guide:
3. 3D Secure Additional Information
If you drill down further into an individual transaction by clicking on the PAY ID button on the reports results screen, you can see additional information relating to the outcome of the 3D Secure check.
This indicates the transaction was reported as fully authenticated by the card-issuing bank (e.g. the cardholder passed the authentication check).
This indicates the 3D Secure check was attempted, but the cardholder was not asked to authenticate themselves (e.g. the cardholder was not enrolled in 3DS with their card issuer).
This indicates the cardholder failed the 3D Secure authentication check with their card-issuing bank. The transaction will be flagged as declined (STATUS=2).
This indicates a technical issue prevented 3D Secure from being completed. The transaction will proceed to the authorisation stage depending on how you have configured your 3D Secure settings in the ePDQ Fraud Detection section of the ePDQ Back Office. Please see the section below for further information regarding these settings.
4. 3D Secure Settings
You can control how ePDQ handles certain 3D Secure outcomes – for instance, when a technical failure occurs during 3D Secure, do you wish the transaction to continue to authorisation as a non-secure transaction. Please note, if you do choose to proceed to the authorisation stage in certain scenarios, the transaction may not benefit from any liability shift protection.
These settings can be found by navigating to the Fraud Detection screen via the Advanced > Fraud Detection menu options in your ePDQ Back Office.
The 3D Secure settings will look like this (your account may show additional Payment Methods that can be configured):
Clicking ‘Edit’ will show you the current settings, and will allow you to modify these to decide if you wish to Continue or Interrupt the transaction based on the outcome of the 3D Secure check.
Once updated, please click Submit to save any changes.