What happens to Selective 3D Secure?
In 3DS1, the merchant can disable the authentication.
Authorized merchants can indicate whether they wish to enable or disable the 3DS authentication process, either from the advanced risk assessment module, or directly in the payment request or via a payment module (PrestaShop, Magento, etc.).
In 3DS2, the merchant can express a choice.
Under PSD2, it is no longer possible to disable authentication in 3DS2.
However, the merchant can express their choice regarding cardholder authentication.
This is called “merchant preference”.
- Request strong authentication, i.e. with cardholder interaction (challenge)
- Request authentication without interaction (frictionless), requires the frictionless 3DS2 option
- Not choose anything and let the issuer decide (no preference)
By default, “no preference” is applied.
The choice is made either in the payment request, or via a payment module (PrestaShop, Magento, etc.), or via the Merchant Back Office for merchants authorized to access the advanced risk module.
In Europe, for payments in euro, the merchant can request an exemption from strong authentication only for low value transactions (< €30).
This does not mean that all > €30 transactions will be systematically submitted to strong authentication (e.g. application of issuer or trusted beneficiary TRA).
For payments made in a currency other than euro, a frictionless authentication request is sent to the issuer regardless of the amount, if the merchant requests it and if they have the “Frictionless 3DS2” option.
In any case, the issuing bank is the one to determine whether the transaction will be subject to exemption.