3D Secure 2

Making authentication work better for you and your customers.

Having the right authentication solution for your business ultimately means improving your authorisation rates and reducing your fraud exposure, all while providing a great customer experience.

The update from 3DS1 to 3DS2.

3DS2 is the latest version, but with some key differences, including: being mobile optimised, offering exemptions for certain transactions types and removing the need to redirect customers (which has previously caused an increase in basket abandonment).

3DS1 Flow: redirect with a potentially higher drop off.

3DS2 Flow: seamless with reduced drop off.

What is Strong Customer Authentication?

SCA is a legal requirement in the EU, which came into force in the UK and EU from 31 December 2020 and in the UK from 14 March 2022. As consumers continue to buy more goods and services online, there's been a growing need for an additional layer of security that protects both the consumer and merchant from falling victim to fraud. This new regulation ensures that an additional security layer is added to most online payment flows.

What is PSD2?

The Regulation
The Payment Service Directive is a European regulation designed to make online payments more secure, improve customer rights and enable third-party access to account information.

What is SCA?

The Requirement
Strong Customer Authentication is a requirement of PSD2, designed 'to make online payments more secure'. It asks businesses to use 2 authentication elements to verify online payments.

What is 3DS2?

The Solution
3D Secure 2 is an authentication protocol for SCA. It adds an additional layer of security during online transactions to help ensure that the cardholder and the person making the purchase, match.

What is PSD2?

The Regulation
The Payment Service Directive is a European regulation designed to make online payments more secure, improve customer rights and enable third-party access to account information.

What is SCA?

The Requirement
Strong Customer Authentication is a requirement of PSD2, designed 'to make online payments more secure'. It asks businesses to use 2 authentication elements to verify online payments.

What is 3DS2?

The Solution
3D Secure 2 is an authentication protocol for SCA. It adds an additional layer of security during online transactions to help ensure that the cardholder and the person making the purchase, match.

SCA requires online payments to have an extra layer of security.

1.

Customer initiates payment.

The customer starts the transaction on your website or in your app.

NEW

2.

Authentication check.

If the issuer is satisfied that the cardholder is the person making the purchase they'll authenticate the payment . If not, they'll ask the cardholder for some extra input.

3.

Payment completed.

Once the issuer is satisfied, they'll authorise the payment.

An introduction to Strong Customer Authentication (SCA)

An overview on what the regulation is, how it came into force and what merchants need to do or be aware of in the coming months.

FAQs

While we'll continue to update this toolkit, if you have any additional questions that are not covered here, email us at help@judopay.com.

How can I enable 3DS on my API keys?

If it is your first time integrating 3D Secure, you will need to ensure you have an API application key (token and secret) enabled for 3D Secure. Please contact help@judopay.com to get this configured on your account.

Can I accept 3DS payments with Amex?

Amex 3DS enrollment can take up to 8 business days but if your MID is activated already you can process payments without 3DS.

Can Judopay block non-3DS payments?

We're currently unable to block or reject non-3DS payments. If the card is not enrolled with 3DS, authentication is not requested and the transaction is processed as normal. In these cases we flag the transaction with the issuer as "3DS attempted but not enrolled". However, for cards that are enrolled in 3DS, if the cardholder does not pass the authentication stage, the payment fails.