The developer.datatrans.com Developer Hub

Welcome to the developer.datatrans.com developer hub. You'll find comprehensive guides and documentation to help you start working with developer.datatrans.com as quickly as possible, as well as support if you get stuck. Let's jump right in!

3D Secure

3D Secure is a security standard that was designed to enable additional security in online payments. Datatrans supports both, 3D Secure 1 and 2 for any brand supporting the security protocol - including Mastercard, Visa, and American Express. 3D Secure may or may not be applied depending on your merchant’s configuration.

Questions related to 3D Secure?

Get in touch with us today and we'll make sure to answer your questions related to 3D Secure, conversion, and more. Send us a message by using our contact form any time.

3D Secure Response

We return the directory response for any transaction where a 3D Secure verification can take place and the authentication response for any transaction where a 3D Secure challenge flow was completed. In other words: directoryResponse tells you if a card is enrolled or needs authentication and authenticationResponse returns the challenge flow response. You may also show the returned information in cardHolderInfo to your customers - This message is optionally returned by the issuer for the cardholder. transStatusReason gives you additional information on the failed 3D authentication.

Directory Response
Code
Description

Authenticated

Enrolled

Y

The card or account was authenticated seamlessly with 3D Secure. No challenge flow will take place.

The card or account is enrolled and a challenge flow will take place.

Failed

Not Enrolled

N

The card or account failed to be authenticated seamlessly with 3D Secure. A challenge flow is required to finalize the authentication.

The card or account is not enrolled and no challenge flow will take place.

Error

U

The authentication or account verification could not be performed. This is usually linked to technical problems.

Authentication Performed

A

One or more 3D Secure authentication attempts were performed but no authentication or account verification was completed successfully. This serves as a proof that 3D Secure authentication was attempted. This may also be returned if a cardholder skips the 3D Secure registration.

Challenge Required

C

An additional authentication is required to finalize this transaction.

Declined

R

The issuer rejected the authentication or account verification. No authorization will take place.

Authentication Response
Code
Description

Successful

Y

The authentication or account verification was successful.

Failed

N

The authentication or account could not be verified. This will be returned when the authentication fails.

Error

U

The authentication or account verification could not be performed. This is usually linked to technical problems.

Authentication Performed

A

One or more 3D Secure authentication attempts were performed but no authentication or account verification was completed successfully. This serves as a proof that 3D Secure authentication was attempted. This may also be returned if a cardholder skips the 3D Secure registration.

Challenge Required

C

The challenge flow requires an additional authentication process. The authentication process is incomplete.

Not Enrolled

D

Some authentication attempts will return this status when a card is not enrolled for 3D Secure. This status is only returned in 3Dv1.

3D Secure 2

3D Secure 2 (3DS2) is an enhanced version protocol of 3D Secure that aims to reduce fraud and adds further security measures for online card transactions. 3DS2 introduced a broader set of data for creating more frictionless card payments. Acquirers and issuers in some regions had to be ready for 3D Secure 2 as of the 1st of April 2019. On this date, the ramp-up phase for the merchant onboarding started. Due to several factors including a tight timeline for technical implementation and COVID-19, we expect delays on the side of some acquirers and issuers. 3D Secure 1 will continue to be supported for the foreseeable future.

We are in charge of the migration of 3D Secure 1 to 3D Secure 2, and we will try to keep your required technical changes to an absolute minimum. The advantages of 3D Secure 2 for merchants include an enhanced conversion rate and risk measures, frictionless flows, a more harmonized look for 3D Secure, new methods of authentication, and more.

Actions Required as a Merchant

To integrate 3DS2 correctly, you will need to check three things accordingly.

  • One is the enrollment for 3DS2 of your acquirer. Acquirers will enroll any merchant for 3D Secure 2 that is already registered for 3D Secure 1. We are actively working with acquirers to receive all information needed for the merchant enrollment on our side. Stay informed with your account manager at Datatrans and at your acquiring partner for more information on your upcoming auto-enrolment. Most merchants will not need to apply any changes.

  • Two, 3D Secure 2 requires many parameters more than 3D Secure 1. This data is classified into three main categories: Device Information, Browser Information, and Merchant Risk Information. The latter consists of cardholder account information, specific purchase information, prior transaction authentication information, and merchant cardholder account authentication information.
    The submitted data allows issuers to run transaction-based risk analyses. The more data a merchant provides, the better are the chances for a frictionless flow to be applied during the transaction. The newly mandatory elements are covered by Datatrans. The conditional and optional fields can be specified by you. Please refer to our init endpoint for further details. You will find the conditional and optional parameters inside the object 3D nested inside the object card. Each issuer will handle the additional parameters differently. In addition, there is no guarantee for frictionless flows.

  • Three, you may have to update your data privacy. The terms and conditions of the European General Data Protection Regulation GDPR are not in contradiction to the PSD2 requirements on Strong Customer Authentication. Neither are they to the 3D Secure 2 authentication protocol. They rather provide a legal framework for processing authentication data in a secure and protective manner. This means that GDPR compliance is a prerequisite to meet the PSD2 and 3D Secure 2 requirements.

Merchants can decide which optional and conditional data are sent to the issuer for risk scoring purposes. It is important that cardholders are informed in your privacy policy about the optional or conditional data being processed. Many of the new parameters are linked to personal data and subject to GDPR. The responsibility for processing biometric information (e.g. fingerprints) and any other sensitive information resides with the issuer. No further actions have to be taken in this regard.

For Strong Customer Authentication (SCA) exemptions and soft declines, please refer to our dedicated section SCA Exemptions of the documentation.

Dynamic 3D Secure

Our product Dynamic 3D Secure takes care of applying 3D Secure authentication only if your client's card issuer is from an EEA country. Based on the card number, we are able to identify if this is the case or not. While this product may reduce friction during checkouts, especially for countries where 3D Secure is not as dominant as it is in EEA countries, the liability shift protection will be completely missing for such transactions. We do recommend enforcing 3D Secure whenever possible.

Use Dynamic 3D Secure at your own risk!

Although it is our goal to only offer smooth payment processes to our merchants, malfunctioning or inappropriate configuration can never be completely excluded. This would ultimately lead to additional authentication and authorization errors. Datatrans is not liable for errors caused by malfunctioning or a misconfiguration of Dynamic 3D Secure.

To activate Dynamic 3D Secure, please get in touch with your account manager at Datatrans or send us a message by using our contact form.

Updated 10 days ago

3D Secure


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.