Configuration of the advanced risk assessment module

IMPORTANT
The advanced risk assessment module is compatible with v2 3D Secure. We are currently working on improving the display to allow you to manage the possibilities offered by the v2 3D Secure more fully, in particular when it comes to the various possible authentication preferences.

Configuration of the risk module

The advanced risk assessment module is accessible via the Settings > Advanced risks assessment menu.

The configuration of the risk assessment module consists in:
  1. Defining the default 3D Secure behavior.
  2. Choosing the transactions that must be subjected to the risk assessment module (all transactions, only test transactions, no transactions).
  3. Defining the specific rules depending on the business needs.

Default 3D Secure behavior

When a store is created, the default 3D Secure behavior is set to 3D Secure enabled by default.

The table below describes the behavior according to the version of the protocol used for the payment:

Default 3D Secure behavior 3DS1 card 3DS2 card

3D Secure enabled by default

Forced 3DS1 authentication. Forced 3DS2 authentication.

3D Secure disabled by default

3DS1 authentication disabled if the store has the “Selective 3DS1” option.

By using this value, you expose yourself to “Soft decline” refusals.

If the store does not have the “Selective 3DS1” function, 3DS1 authentication is forced.

3DS2 authentication with merchant preference forced to Frictionless if an exemption applies (see “Application of exemptions”) and if the store has the “Frictionless 3DS2” option.

If this is not the case, strong authentication (Challenge) is requested.

Presentation of actions

The advanced risk assessment module allows to perform two 3DS-specific actions when configuring the rules: “Enable 3D Secure” and “Disable 3D Secure”.

The table below describes the behavior according to the version of the protocol used for the payment.

Action 3DS1 card 3DS2 card
Disable 3D Secure

This action is only available if the shop’s default 3D Secure behavior is set to 3D Secure enabled by default.

Disabled 3DS1 authentication.

By using this value, you expose yourself to “Soft decline” refusals.

3DS2 authentication with merchant preference forced to Frictionless if an exemption applies (see “Application of exemptions”) and if the store has the “Frictionless 3DS2” option.

If this is not the case, strong authentication (Challenge) is requested.

Enable 3D Secure

This action is only available if the shop’s default 3D Secure behavior is set to 3D Secure disabled by default.

Forced 3DS1 authentication. Strong authentication desired.

However, the card issuer may decide to perform authentication without interaction with the cardholder (frictionless).

Application of exemptions:
  • For payments made in euro, if the amount is lower than €30, a request for frictionless is transmitted to the DS. If the frictionless request is accepted by the issuer, the merchant loses the payment guarantee.
  • For payments made in euro, if the amount is higher than €30, the value transmitted by the merchant is ignored and strong authentication (Challenge) is requested.
  • For payments made in a currency other than euro, a request for frictionless is transmitted to the DS.
  • If the store does not have the “Frictionless 3DS2” option, strong authentication (Challenge) is requested.

Priority among actions

An order of priority is defined between certain actions:

  • The Refuse a transaction action has priority over the Manual validation action.
  • The Enable 3D Secure action has priority over Disable 3D Secure.

Other actions can be combined, for example: Raise an alert, Enable 3D Secure and Validate manually.

Priority among the different means of expressing the merchant preference

The merchant preference can be expressed on several levels:

The parameter transmitted in the payment request (strongAuthentification of the REST API or vads_threeds_mpi of the Hosted Payment Page) has priority over the decisions of the risk assessment module.

If the merchant does not express the desire via the payment request or the risk module, the payment gateway configuration is applied.

The merchant preference is ignored when:
  • The used payment method is Maestro.
  • The payment gateway performs a new payment attempt after a soft decline.
  • The merchant has requested for the payment method to be saved.