What happens to Selective 3D Secure?
In 3DS1, the merchant can disable the authentication.
Authorized merchants can indicate whether they wish to enable or disable the 3DS authentication process, either from the advanced risk assessment module, or directly in the payment request or via a payment module (PrestaShop, Magento, etc.).
Since October 2020, issuers have been progressively refusing transactions made without 3D Secure authentication.
This behavior is called “soft decline”.
To reduce the number of rejected payments, the payment gateway automatically makes a new payment attempt with 3D Secure authentication, when possible.
In 3DS2, the merchant can express a choice.
Under PSD2, it is no longer possible to disable authentication in 3DS2.
However, the merchant can express their choice regarding cardholder authentication.
This is called “ merchant preference”.
- Request strong authentication, i.e. with cardholder interaction (challenge)
- Request authentication without interaction (frictionless), requires the frictionless 3DS2 option
- Not choose anything and let the issuer decide (no preference)
By default, “no preference” is applied.
The choice is made either in the payment request, or via a payment module (PrestaShop, Magento, etc.), or via the Merchant Back Office for merchants authorized to access the advanced risk module.
Frictionless request
Merchants having opted for an offer including the “Frictionless 3DS2” option can request an exemption from strong authentication in the payment request.
Thus, the option allows them to express a preference regarding the authentication mode, and allows them to request a payment without cardholder interaction (frictionless).
In this case, if the request is accepted by the issuer, the buyer will not need to authenticate him or herself (no challenge) but the merchant will assume responsibility in case of chargeback (no payment guarantee).
In Europe, for payments in euro, the merchant can request an exemption from strong authentication for low value transactions (< €30).
This does not mean that all > €30 transactions will be systematically submitted to strong authentication (e.g. application of issuer or trusted beneficiary TRA).
For payments made in a currency other than euro, a frictionless authentication request is sent to the issuer regardless of the amount, if the merchant requests it and if they have the “Frictionless 3DS2” option.
The platform automatically determines the exemption reason to send to the issuer based on your shop's options and the amount of the transaction.
In any case, the issuing bank is the one to determine whether the transaction will be subject to exemption.