3D Secure is a tool that provides an additional layer of security for online card transactions and is supported by most card issuers. If 3D Secure is activated for your account, BlueSnap will perform a lookup during checkout to determine if the issuer requires shopper identity verification to complete the transaction. If verification is required, a popup will prompt the shopper to enter a password, which is typically a one-time code sent via text message.
- Reduced risk of unauthorized card use
- Increased shopper confidence in the security of the transaction
- Protection against fraud chargebacks for successfully authenticated transactions
American Express, Diner's Club, Discover, Mastercard, and Visa cards are supported with 3D Secure. Each has their own product name by which 3D Secure is known:
- American Express SafeKey
- Discover/Diner's Club ProtectBuy
- Mastercard SecureCode
- Verified by Visa
The following steps outline the general 3D Secure flow with images taken from a BlueSnap Hosted Page.
A lookup is performed during checkout to determine if the issuer requires identity verification from the shopper. If required, a popup like the one below prompts the shopper to enter a password, which is typically a one-time code sent via text message.
BlueSnap's Hosted Pages provide out-of-the-box support for 3D Secure. To get started, contact Merchant Support to request that BlueSnap enable 3D Secure for your account. After it has been enabled, you can activate it in your BlueSnap Console by going to Settings > Fraud Settings and selecting Enable 3D Secure.
BlueSnap's Payment API provides built-in support for 3D Secure. Complete implementation details are available in the API Guide for 3D Secure.
In addition to preventing unauthorized card use, 3D Secure can shift liability for fraud chargebacks from the merchant to the card issuer in these situations:
- Situation 1: Shopper successfully verifies their identity by entering a password.
- Situation 2: An issuer who perceives the transaction to be low risk authenticates without requiring identity verification from the shopper.
In Situation 2, the shopper never sees a popup window requesting a password during checkout, making the 3D Secure flow entirely transparent to them.
Chargebacks may still occur
You may still receive fraud chargebacks for transactions authenticated using 3D Secure. However, these chargebacks are considered invalid and will be automatically disputed for merchants enrolled in one of BlueSnap’s chargeback management services.
While 3D Secure provides many benefits, a risk of checkout abandonment is introduced. For example, shoppers in regions where 3D Secure is not widely implemented, such as the United States, may not be prepared to complete an additional verification step. This might result in the shopper abandoning the purchase. You might find it's best to implement 3D Secure when the shopper is located in a region where 3D Secure is commonly used or mandated by the card network, or when you perceive the transaction to be fraudulent.
In the Hosted Pages, if 3D Secure is activated, the lookup is performed for every transaction by default and the issuer determines if the shopper needs to enter a password to verify their identity. The shopper's experience is dependent on the issuer's decision.
In the Payment API, the merchant can allow 3D Secure usage at the transaction level, meaning the merchant controls whether BlueSnap performs the lookup for a specific transaction. If 3D Secure is allowed, the shopper's experience depends on whether the issuer requires identity verification.
If you would like to implement rules at the account level that determine when the 3D Secure lookup is performed, contact Merchant Support at firstname.lastname@example.org.
You may use the following cards, with any random 3-digit CVV code, to test various 3D Secure results.