How does 3D Secure work?

The 3D Secure protocol is represented by an additional step during the payment: cardholder authentication.

The authentication occurs after the card detail entry and can be made:
  • Without cardholder interaction (“frictionless” authentication), in this case, the cardholder is not explicitly invited to authenticate upon their payment.
  • With cardholder interaction (strong authentication or “challenge”).

In case of strong authentication, different authentication methods are implemented by different banks, such as:

  • Authentication via mobile application

    The buyer receives a notification on their smartphone and authenticates him or herself via their bank’s mobile application by entering a secret code or using their biometric data. They confirm the payment via the application, then return to the merchant website.

  • Authentication via a secret code

    The buyer receives a single-use code by SMS. They enter this code on the authentication page to authenticate.

The payment gateway takes it upon itself to interact with the authentication server of the cardholder’s bank and retrieve the result to finalize the payment.