Note: For information on 3-D Secure 2.0, PSD2, and SCA, refer to our 3-D Secure 2.0 FAQs page.
3-D Secure (3DS) is a tool that provides an additional layer of security for online card transactions and is supported by most card issuers. If 3DS is activated for your account, BlueSnap will perform a lookup during checkout to determine if the issuer requires shopper identity verification to complete the transaction. If verification is required, a popup prompts the shopper to enter a password, which is typically a one-time code sent via text message.
- Reduced risk of unauthorized card use
- Increased shopper confidence in the security of the transaction
- Protection against fraud chargebacks for successfully authenticated transactions
Each of the major card brands has a 3DS offering:
- American Express Safekey®
- Discover ProtectBuy®
- Mastercard SecureCode®
- Visa Secure®
The following steps outline the general 3DS flow with images taken from a BlueSnap Hosted Page.
A lookup is performed during checkout to determine if the issuer requires identity verification from the shopper. If required, a popup like the one below prompts the shopper to enter a password, which is typically a one-time code sent via text message.
BlueSnap's Hosted Pages provide out-of-the-box support for 3DS. To get started, contact Merchant Support to request that BlueSnap enable 3DS for your account. After it has been enabled, you can activate it in your BlueSnap Console by going to Settings > Fraud Settings and selecting Enable 3D Secure.
BlueSnap's Payment API provides built-in support for 3DS. Complete implementation details are available in this API Guide.
In addition to preventing unauthorized card use, 3DS can shift liability for fraud chargebacks from the merchant to the card issuer in these situations:
- Situation 1: Shopper successfully verifies their identity by entering a password.
- Situation 2: An issuer who perceives the transaction to be low risk authenticates without requiring identity verification from the shopper.
In Situation 2, the shopper never sees a popup window requesting a password during checkout, making the 3DS flow entirely transparent to them.
Chargebacks may still occur
You may still receive fraud chargebacks for transactions authenticated using 3DS. However, these chargebacks are considered invalid and will be automatically disputed for merchants enrolled in one of BlueSnap’s chargeback management services.
While 3DS provides many benefits, a risk of checkout abandonment is introduced. For example, shoppers in regions where 3DS is not widely implemented, such as the United States, may not be prepared to complete an additional verification step. This might result in the shopper abandoning the purchase. You might find it's best to implement 3DS when the shopper is located in a region where 3DS is commonly used or mandated by the card network, or when you perceive the transaction to be fraudulent.
In the Hosted Pages, if 3DS is activated, the lookup is performed for every transaction by default and the issuer determines if the shopper needs to enter a password to verify their identity. The shopper's experience is dependent on the issuer's decision.
In the Payment API, the merchant can allow 3DS usage at the transaction level, meaning the merchant controls whether BlueSnap performs the lookup for a specific transaction. If 3DS is allowed, the shopper's experience depends on whether the issuer requires identity verification.
If you would like to implement rules at the account level that determine when the 3DS lookup is performed, contact Merchant Support at email@example.com.
You may use the following cards, with any random 3-digit CVV code, to test various 3DS results.