Best practices for implementing 3DS2: Keeping your online payment secure.

In an era when digital transactions are the norm, security has to be a priority. We won’t do a deep dive into what 3D Secure 2 is and how it works in this blog (you can read more on that here), but in short it offers a secure authentication process for online payments.

Getting 3DS2 right can lead to reduced fraud, higher conversion rates and an overall better customer experience. But it can be a tricky balance between ensuring secure transactions and creating a seamless customer experience.

Here are some best practices for leveraging 3DS2 to its full potential.

1. Adopt a frictionless flow, where possible. 

One of the key benefits of 3DS2 is its ability to offer a frictionless online payment experience whilst protecting customers from fraud. As long as the Issuer is confident that the person making the transaction is the cardholder, the transaction can be authenticated without them needing to manually approve the payment or enter an OTP (one-time password). 

To maximise the chances of your customers experiencing a frictionless payment…

Leverage data points.

Ensure that you’re collecting and sending all of the recommended data points, such as device information, transaction history and customer behaviour. The more data the Issuer receives, the better, as it can help them to determine that the cardholder is legitimate and allow a frictionless flow. 

The following parameters are to be sent in every 3D Secure authentication request:

  • Browser IP address.
  • Cardholder name.
  • Cardholder email address or phone number.
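
As an added example (not Judopay's code or API), here is a pre-flight check for the three data points listed above, run before an authentication request is sent. The field names are hypothetical, and the public-address test on the browser IP is an extra assumption that catches a server passing on its own proxy or load-balancer address.

```python
import ipaddress
import re

# Hypothetical field names for illustration; map them to your provider's API.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
PHONE_RE = re.compile(r"^\+?[0-9]{7,15}$")


def check_3ds_data_points(request: dict) -> list:
    """Return a list of problems with the data points; an empty list means OK."""
    problems = []

    name = (request.get("cardholder_name") or "").strip()
    if not name:
        problems.append("cardholder_name missing")

    raw_ip = (request.get("browser_ip") or "").strip()
    try:
        ip = ipaddress.ip_address(raw_ip)
    except ValueError:
        problems.append("browser_ip missing or not an IP address")
    else:
        # Assumption: a private or loopback address means the server recorded
        # an internal hop instead of the customer's browser address.
        if not ip.is_global:
            problems.append("browser_ip is not a public address")

    # The page asks for an email address OR a phone number: one valid value is enough.
    email = (request.get("cardholder_email") or "").strip()
    phone = re.sub(r"[\s\-()]", "", request.get("cardholder_phone") or "")
    if not (EMAIL_RE.match(email) or PHONE_RE.match(phone)):
        problems.append("need a valid cardholder_email or cardholder_phone")
    return problems


# Constructed sample requests (not real customer data).
GOOD = {"cardholder_name": "A Cardholder", "browser_ip": "8.8.8.8",
        "cardholder_phone": "+44 20 7946 0000"}
BAD = {"cardholder_name": " ", "browser_ip": "10.0.0.12",
       "cardholder_email": "not-an-email"}

if __name__ == "__main__":
    for label, req in (("good", GOOD), ("bad", BAD)):
        print(label, check_3ds_data_points(req))
```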

Note: As 3D Secure continues to evolve, updates are often made to the types of data points that need to be sent with every transaction. Keeping up to date with these changes can lead to higher approval rates and a better customer experience.

For more details on the mandatory data points and any updates check out our Docs here.

2. Benefit from Step-Up Authentication. 

If an Issuer is unsure whether a transaction is legitimate, a transaction may be soft declined.

To tackle this and improve approval rates, one feature you can benefit from is step-up authentication. 

With step-up authentication, if a transaction is soft declined the customer can be prompted to provide additional information such as an OTP. This sends additional data to the Issuer to help prove that the cardholder is legitimate, allowing the transaction to proceed successfully. 

Tips for step-up authentication:

  • Offer multiple authentication methods: Provide customers with a variety of authentication options, such as SMS, OTP etc. This flexibility ensures that customers can complete the authentication in a way that is most convenient for them.
  • Optimise the step-up flow: Ensure that the step-up flow is as seamless as possible. This means optimising the UI for mobile devices, reducing load times, and providing clear instructions to the customer.

3. Don’t forget to optimise for mobile.

With the rise of mobile and app commerce, it’s critical that your 3DS2 flow is optimised for mobile devices. This isn’t just about making sure that your payment page is responsive, it’s ensuring that the entire authentication flow is smooth and user-friendly on smaller screens. 

Considerations for mobile optimisations include:

  • In-app authentication: Do you have a mobile app? Consider implementing in-app 3DS2 authentication. This approach keeps the customer within the app during the authentication process, reducing the risk of drop-off.
  • Test across multiple devices: Ensure that the 3DS2 flow works smoothly across a wide range of devices and operating systems.

4. Check if any of your transactions are exempt.

“Exemptions” are transaction types that are (you guessed it) exempt or out-of-scope.

Exempt transactions = you can choose to tell the card Issuer that you want these types of transactions to be exempt.
Out of scope = these transactions won’t go through 3DS2 if you send data with the transactions that shows that they’re out of scope.

Note, this list may evolve over time but exemptions include:

  • Merchant-initiated transactions (MIT) / Recurring payments (out-of-scope).
  • Low-value payments (exempt).
  • Mail orders & Telephone orders (MOTO) (out-of-scope).
  • Low risk transactions (exempt).
  • Corporate payments, where a dedicated B2B payment method is used (exempt).

To enable or not enable? This really depends on your business. Just because you can make certain transactions exempt doesn’t always mean you should. Speak to your payment provider to discuss the best option and check out our Exemptions blog here.

5. Monitor and optimise performance. 

Ok, so you’ve implemented 3DS2. Now what?

It’s crucial to continuously monitor performance and make updates as and when needed. 

Tips for optimising your 3DS2 flow include:

  • Monitoring approval rates: Keeping an eye on your approval rates will be a key indicator of whether your flow is working well or needs adjusting. If you begin to notice a decrease in your approval rates, speak to your payment provider to explore possible causes and a solution.
  • A/B testing: It can be tricky to find that balance between security and user experience. A/B testing can help determine which authentication methods and flows give the best conversion rates while keeping your transactions secure.

6. Stay compliant with regulations. 

Regulations regarding online payments and customer authentication are regularly updated, and can vary region by region. 

To remain compliant:

  • Understand local requirements: Ensure that your 3DS2 implementation meets the specific requirements of the regions where your business is operating.
  • Update as and when regulations evolve: It’s important to stay informed and update your flows accordingly. Work with a payment provider that will keep you up-to-date with regulatory changes and ensure that you stay compliant.

7. Work with a proactive payment provider.

Implementing 3DS2 can be complex; working with a proactive payment provider can simplify the process. A payment provider should not only support 3DS2 but also offer hands-on support and continuous monitoring when it comes to 3DS2.

Conclusion. 

3DS2 was a great shift in improving security for online payments, while offering a seamless experience for customers. By following these best practices — focusing on frictionless flows, optimising for mobile, checking for exemptions, benefiting from step-up authentication, monitoring performance, staying compliant and working with a proactive payment provider — you can ensure that your 3DS2 implementation will be both effective and customer-friendly.

Looking to implement 3DS2 for your online payments? Speak to our team.

© Judopay 2025.
Alternative Payments Limited (Company Number 07959933) t/a Judopay is wholly owned by Fabrick S.p.A., part of the Banca Sella Group.