The Developer Hub

Welcome to the developer hub. You'll find comprehensive guides and documentation to help you start working with as quickly as possible, as well as support if you get stuck. Let's jump right in!

3D Secure

3D Secure is a security standard that was designed to enable additional security in online payments. Datatrans supports both, 3D Secure 1 and 2 for any brand supporting the security protocol - including Mastercard, Visa, and American Express. 3D Secure may or may not be applied depending on your merchant’s configuration.

Questions related to 3D Secure?

Get in touch with us today and we'll make sure to answer your questions related to 3D Secure, conversion, and more. Send us a message by using our contact form any time.

3D Secure 2

3D Secure 2 (3DS2) is an enhanced version protocol of 3D Secure that aims to reduce fraud and adds further security measures for online card transactions. 3DS2 introduced a broader set of data for creating more frictionless card payments. Acquirers and issuers in some regions had to be ready for 3D Secure 2 as of the 1st of April 2019. On this date, the ramp-up phase for the merchant onboarding started. Due to several factors including a tight timeline for technical implementation and COVID-19, we expect delays on the side of some acquirers and issuers. 3D Secure 1 will continue to be supported for the foreseeable future.

We are in charge of the migration of 3D Secure 1 to 3D Secure 2, and we will try to keep your required technical changes to an absolute minimum. The advantages of 3D Secure 2 for merchants include an enhanced conversion rate and risk measures, frictionless flows, a more harmonized look for 3D Secure, new methods of authentication, and more.

Actions Required as a Merchant

To integrate 3DS2 correctly, you will need to check three things accordingly.

  • One is the enrollment for 3DS2 of your acquirer. Acquirers will enroll any merchant for 3D Secure 2 that is already registered for 3D Secure 1. We are actively working with acquirers to receive all information needed for the merchant enrollment on our side. Stay informed with your account manager at Datatrans and at your acquiring partner for more information on your upcoming auto-enrolment. Most merchants will not need to apply any changes.

  • Two, 3D Secure 2 requires many parameters more than 3D Secure 1. This data is classified into three main categories: Device Information, Browser Information, and Merchant Risk Information. The latter consists of cardholder account information, specific purchase information, prior transaction authentication information, and merchant cardholder account authentication information.
    The submitted data allows issuers to run transaction-based risk analyses. The more data a merchant provides, the better are the chances for a frictionless flow to be applied during the transaction. The newly mandatory elements are covered by Datatrans. The conditional and optional fields can be specified by you. Please refer to our init endpoint for further details. You will find the conditional and optional parameters inside the object 3D nested inside the object card. Each issuer will handle the additional parameters differently. In addition, there is no guarantee for frictionless flows.

  • Three, you may have to update your data privacy. The terms and conditions of the European General Data Protection Regulation GDPR are not in contradiction to the PSD2 requirements on Strong Customer Authentication. Neither are they to the 3D Secure 2 authentication protocol. They rather provide a legal framework for processing authentication data in a secure and protective manner. This means that GDPR compliance is a prerequisite to meet the PSD2 and 3D Secure 2 requirements.

Merchants can decide which optional and conditional data are sent to the issuer for risk scoring purposes. It is important that cardholders are informed in your privacy policy about the optional or conditional data being processed. Many of the new parameters are linked to personal data and subject to GDPR. The responsibility for processing biometric information (e.g. fingerprints) and any other sensitive information resides with the issuer. No further actions have to be taken in this regard.

For Strong Customer Authentication (SCA) exemptions and soft declines, please refer to our dedicated section SCA Exemptions of the documentation.

Dynamic 3D Secure

Our product Dynamic 3D Secure takes care of applying 3D Secure authentication only if your client's card issuer is from an EEA country. Based on the card number, we are able to identify if this is the case or not. While this product may reduce friction during checkouts, especially for countries where 3D Secure is not as dominant as it is in EEA countries, the liability shift protection will be completely missing for such transactions. We do recommend to enforce 3D Secure whenever possible.

To activate Dynamic 3D Secure, please get in touch with your account manager at Datatrans or send us a message by using our contact form.

Updated about 9 hours ago

3D Secure

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.