3D Secure - the Authentication Layer of Payments by Checkout.com

3D Secure - the Authentication Layer of Payments by Checkout.com

𝟑𝐃 𝐒𝐞𝐜𝐮𝐫𝐞 — The Authentication Layer in Card-Not-Present Transactions

3D Secure (3DS) is a security protocol developed by EMVCo to authenticate online cardholders in real time. It facilitates risk-based authentication between the issuer, merchant, cardholder, and Access Control Server (ACS)—creating an added layer of trust in card-not-present (CNP) transactions.


𝐇𝐨𝐰 𝐝𝐨𝐞𝐬 𝟑𝐃 𝐒𝐞𝐜𝐮𝐫𝐞 𝐰𝐨𝐫𝐤?

3DS dynamically adapts to the transaction risk profile using one of two core flows:

1️⃣ 𝐅𝐫𝐢𝐜𝐭𝐢𝐨𝐧𝐥𝐞𝐬𝐬 𝐅𝐥𝐨𝐰

  • No customer interaction
  • The issuer’s ACS validates the cardholder silently using contextual signals (device ID, IP, geolocation, past behavior)
  • Ideal for low-risk transactions and returning users

2️⃣ 𝐂𝐡𝐚𝐥𝐥𝐞𝐧𝐠𝐞 𝐅𝐥𝐨𝐰

  • Issuer actively authenticates the cardholder
  • Methods may include OTP, face ID, fingerprint, or app push notification
  • Used when risk is elevated or regulatory thresholds require stronger SCA (e.g., PSD2 in Europe)


𝐖𝐡𝐚𝐭 𝐢𝐬 𝐋𝐢𝐚𝐛𝐢𝐥𝐢𝐭𝐲 𝐒𝐡𝐢𝐟𝐭?

When 3DS is applied (and the issuer approves the authentication), liability for fraud-related chargebacks shifts from the merchant to the issuer.

This is especially critical for:

  • High-value CNP transactions
  • Cross-border payments
  • SCA-mandated regions (e.g., EU, UK, India)


𝐒𝐭𝐚𝐧𝐝𝐚𝐥𝐨𝐧𝐞 𝟑𝐃𝐒 𝐯𝐬. 𝐏𝐒𝐏-𝐞𝐧𝐚𝐛𝐥𝐞𝐝 𝟑𝐃𝐒

📌 Standalone 3DS - Merchants directly integrate with a 3DS provider or ACS ( VGS , Forter ...)

  • Full control over routing, rules, and orchestration
  • More complex setup, ongoing maintenance, and liability handling
  • Best for technology-driven & enterprise merchants

📌 PSP-enabled 3DS - the PSP( Checkout.com , ACI Worldwide , DEUNA ) manages the 3DS flow

  • Simpler integration, streamlined performance
  • Embedded in the PSP’s payment flow
  • Built-in liability management and reporting
  • Less granular control over ACS selection or custom rule logic
  • Best for traditional merchants or start/scale-ups.


𝐖𝐡𝐲 𝐌𝐞𝐫𝐜𝐡𝐚𝐧𝐭𝐬 𝐬𝐡𝐨𝐮𝐥𝐝 𝐜𝐚𝐫𝐞

  • Seamless user experience with risk-based friction reduction
  • Increased authorization rates through dynamic routing
  • Fraud reduction + chargeback liability protection
  • Regulatory compliance with PSD2, RBI, and global SCA mandates


Source: Checkout.com

► Sign up to 𝐓𝐡𝐞 𝐏𝐚𝐲𝐦𝐞𝐧𝐭𝐬 𝐁𝐫𝐞𝐰𝐬: https://lnkd.in/g5cDhnjC

Connecting the dots in payments... | Marcel van Oost

Mathieu Ramond

eCommerce Product Manager at PayXpert

2w

Thank you for another clear presentation on a complicated payment feature ! Just one precision, the ACS is only the issuer part of the technical implementation (there is one for each bank or group), the merchants should use a "3DS Server" provider or solution to implement 3DS.

To view or add a comment, sign in

Others also viewed

Explore topics