3D Secure 2.0
Note:
Due to scheme regulations, transactions created with payment method VISA must include correct customer details in the
phone
parameter.
See also Create Order > customer object.
Authentication
3D Secure 2.0 (3DS2) is an authentication protocol that card schemes use to verify cardholder identity for online credit and debit card payments. Under the PSD2, MultiSafepay is required to apply it to all Europe-based card payments, and we enable it by default for non-EU payments as well.
3DS2 provides an extra layer of security and helps reduce fraud-related chargebacks. If a transaction is successfully authenticated using 3DS2, the issuer is responsible for fraud-related chargeback costs instead of you.
How it works
- The cardholder enters their payment details and is redirected to the card scheme to authenticate using their branded version of 3DS2:
- American Express Safekey
- Mastercard SecureCode
- Verified by Visa
- MultiSafepay shares contextual information from the customer's device (fingerprint) with the issuer for a risk assessment, e.g.:
- Transaction value
- New or existing customer
- Customer's location or transaction history
- The issuer decides whether to request additional authentication:
- Frictionless flow: The transaction appears legitimate and is authorized without further user-side authentication. You are not liable for fraud-related chargebacks.
- Challenge flow: The transaction appears risky, and the cardholder is asked to provide additional authentication, e.g., password, SMS code, and fingerprint.
Direct card payments
When you collect cardholder data, you also need to collect other contextual information from the customer's device (fingerprint). This is only relevant for direct
card orders and not for payment components or payment pages, where MultiSafepay collects the fingerprint on your behalf.
See also Cardholder data.
⚠️ Note: Some details are required to comply with scheme regulations. For example, transactions created with payment method VISA must include the email
parameter.
Exemptions
To help you optimize conversion and manage risk, MultiSafepay supports exemptions from 3DS2 and strong customer authentication (SCA).
Warning
Exemptions remove an important layer of security and increase the risk of fraud.
You are then liable for any fraud-related chargebacks.
Low value payments
We will soon support exemptions for low value payments (LVP) under 30 EUR.
Secure corporate payments
SCA authentication is not required for corporate card payments made with commercial cards.
Transaction risk analysis
MultiSafepay can conduct a transaction risk analysis (TRA) for specific transactions for amounts up to EUR 500. The issuer may soft decline the exemption, in which case the customer is automatically redirected to authenticate.
- Scope: All EU and non-EU cards
- Pricing: Free
- Activation: Email [email protected]
Out of scope
Mail Order/Telephone Order (MOTO)
For MOTO payments, the customer gives you their card details by phone or email.
3DS2 authentication is not required.
Recurring payments
For recurring payments, 3DS2 or SCA authentication is required only for the initial payment transaction.
Solutions
Disabling 3DS2
MultiSafepay can disable 3DS2 for all your card payments.
- Scope: Non-EU cards only
- Pricing: Free
- Activation: Email [email protected]
Dynamic 3D
Dynamic 3D is a MultiSafepay solution that lets you set rules to disable 3DS2 per transaction, e.g. based on amount, or card/customer/IP country.
- Scope: Non-EU cards only
- Pricing: MultiSafepay applies a different fee to non-3DS2 transactions. We may also charge a fee to implement Dynamic 3D. To confirm pricing, email [email protected]
- Activation: Provide the following required information by email to [email protected]
- State why you want to use Dynamic 3D.
- Provide evidence of significant volumes of non-EU card payments.
- Specify which sites under your account this applies to.
- Demonstrate excellent processing performance, especially for chargebacks.
- Confirm that you understand the increased risk of chargebacks and accept liability for non-payment after shipment, and the pricing structure.
Flexible 3D
Flexible 3D is a MultiSafepay solution that lets you enable and disable 3DS2 per transaction via our API.
- Scope: Non-EU cards only
- Prerequisites: You must be certified to handle cardholder data.
- Activation: Email [email protected]
- Integration: See API reference – Create order > Card order. Set the
type
parameter todirect
. Include the customer fingerprint data.
Support
Email [email protected]
Updated 3 months ago