Glossary

Learn about payment industry terms and concepts

Back to glossary

3DS payment gateway

3D Secure is a user authorisation protocol for card-not-present operations. The concept of a 3D Secure technology arose since three domains are involved here: a merchant or an acquirer, who requests the payment card data, a payment system that redirects the payer to a password confirmation page, and the card issuer's domain or a specialised service, where a confirmation page is formed, and the entered security codes are checked.

What is a 3D Secure payment gateway?

A 3DS payment gateway is a gateway that utilises the 3D Secure protocol for users' authorisation when they pay for their purchases in an online store. Making an online payment via such a secure payment gateway, a cardholder should prove their identity by entering a code, a temporary PIN, or a password. By partnering with a reliable 3DS provider, businesses can ensure that their customers benefit from enhanced protection against fraud while enjoying a seamless checkout experience.

How does a 3DS payment gateway work?

When you use 3D Secure gateways, the process of authentication comprises the following steps:

  • Collection of card data. It requires the credit card number, expiration date, cardholder's name, and authentication code (for example, CVC2).
  • 3D Secure registration check. The system checks if the card is registered for 3D Secure authorisation.
  • Redirecting to the 3D Secure page. If the outcome of the previous step is positive, the purchaser is redirected to their card provider's 3DS page.
  • Additional security check. The client should provide a unique one-time code sent via email or message.
  • Redirecting back to the website. After the successful authentication, the client is returned to the merchant's website to proceed with the purchase.
  • Confirmation of payment. After the redirection to the website, the purchaser is informed of the successful outcome of their payment processing.

Why use 3D Secure payment gateway?

The 3DS payment processing minimises card fraud risks for merchants due to the liability shift. The issuing bank is responsible for the transactions performed with this type of verification. All the authentication data provided by the customers is stored on the payment server of the issuing bank. The online store does not have access to it, except for a part of the information on the payment card details, but in the amount allowed by the PCI DSS. Payment gateway providers take these measures to increase cardholders' data security. If to look at the advantages of 3DS payment gateways for merchants, the main one is decreasing the likelihood of chargebacks. It is important for high-risk merchant accounts and for general business performance health.

What is 3D Secure 2.0?

3DS 2.0 is a next-generation version of the 3DS protocol developed and owned by EMVCo. It aims to eliminate the pain points of version 1.0 and significantly increase the attractiveness of the technology for market participants, the quality of the assessment of the transaction legitimacy, and the need for its authentication.

Compared to 3D Secure 1.0, the following changes have been implemented in version 2.0:

  • Support for various devices and channels was added. The new mobile SDKs enable authentication directly within the mobile application without redirection to the card issuer's website.
  • More convenient authentication methods, such as biometrics and tokens, are used instead of static passwords.
  • The amount of data transmitted for authentication has been significantly increased, allowing for high-quality Risk-Based Authentication (RBA).

The benefits of implementing 3DS 2.0

With 3DS 2.0 updates, merchants can receive more data when interacting with issuing banks and payment gateways. It allows them to collect valuable insights about the transactions after the payment is made. For instance, the number of times a customer was redirected to the 3D Secure payment page and the percentage of authenticated payments can provide a complete picture of customer behaviour. This, in turn, provides analysts with important statistics on fraudulent transactions and activities, helping to improve the protection system.

Key benefits include:

  • Adaptive payment process in mobile phone browsers, as well as mobile applications.
  • The ability to embed the authentication process into applications (without going to the browser).
  • Ability to approve a transaction without manual data entry.
  • Additional authentication methods using biometrics and security tokens.
  • Increased convenience for consumers, resulting in lower shopping cart abandonment rates.

Looking for secure payment solutions?

Our PCI DSS L1-compliant payment platform brings you a data protection toolkit to handle your company's sensitive payment information. Minimise risks and enjoy peace of mind by relying on industry-leading security practices.

Learn more