3-D Secure

Note: For information on 3-D Secure 2.0, PSD2, and SCA, refer to our 3-D Secure 2.0 FAQs page.

3-D Secure (3DS) is a tool that provides an additional layer of security for online card transactions and is supported by most card issuers. If 3DS is activated for your account, BlueSnap will perform a lookup during checkout to determine if the issuer requires shopper identity verification to complete the transaction. If verification is required, a popup prompts the shopper to enter a password, which is typically a one-time code sent via text message.

Benefits

  • Reduced risk of unauthorized card use
  • Increased shopper confidence in the security of the transaction
  • Protection against fraud chargebacks for successfully authenticated transactions

Supported cards

Each of the major card brands has a 3DS offering:

  • American Express Safekey®
  • Discover ProtectBuy®
  • Mastercard SecureCode®
  • Visa Secure®

The shopper experience

The following steps outline the general 3DS flow with images taken from a BlueSnap Hosted Page.

Step 1: Shopper enters card information and submits payment form

Step 2: If shopper verification is required, a popup prompts the shopper to enter a password

A lookup is performed during checkout to determine if the issuer requires identity verification from the shopper. If required, a popup like the one below prompts the shopper to enter a password, which is typically a one-time code sent via text message.

Step 3: Confirmation page displays

Back to Top

3-D Secure in the Hosted Pages

BlueSnap's Hosted Pages provide out-of-the-box support for 3DS. To get started, contact Merchant Support to request that BlueSnap enable 3DS for your account. After it has been enabled, you can activate it in your BlueSnap Console by going to Settings > Fraud Settings and selecting Enable 3D Secure.

3-D Secure in the Payment API

BlueSnap's Payment API provides built-in support for 3DS. Complete implementation details are available in this API Guide.

Chargeback liability shift

In addition to preventing unauthorized card use, 3DS can shift liability for fraud chargebacks from the merchant to the card issuer in these situations:

  • Situation 1: Shopper successfully verifies their identity by entering a password.
  • Situation 2: An issuer who perceives the transaction to be low risk authenticates without requiring identity verification from the shopper.

In Situation 2, the shopper never sees a popup window requesting a password during checkout, making the 3DS flow entirely transparent to them.

Chargebacks may still occur

You may still receive fraud chargebacks for transactions authenticated using 3DS. However, these chargebacks are considered invalid and will be automatically disputed for merchants enrolled in one of BlueSnap’s chargeback management services.

Back to Top

When to use 3-D Secure

While 3DS provides many benefits, a risk of checkout abandonment is introduced. For example, shoppers in regions where 3DS is not widely implemented, such as the United States, may not be prepared to complete an additional verification step. This might result in the shopper abandoning the purchase. You might find it's best to implement 3DS when the shopper is located in a region where 3DS is commonly used or mandated by the card network, or when you perceive the transaction to be fraudulent.

In the Hosted Pages, if 3DS is activated, the lookup is performed for every transaction by default and the issuer determines if the shopper needs to enter a password to verify their identity. The shopper's experience is dependent on the issuer's decision.

In the Payment API, the merchant can allow 3DS usage at the transaction level, meaning the merchant controls whether BlueSnap performs the lookup for a specific transaction. If 3DS is allowed, the shopper's experience depends on whether the issuer requires identity verification.

Note:

If you would like to implement rules at the account level that determine when the 3DS lookup is performed, contact Merchant Support at merchants@bluesnap.com.

Sandbox testing

You may use the following cards, with any random 3-digit CVV code, to test various 3DS results.

Card Type
Card Number
Exp. Date
3DS Authentication Result

Visa

4000000000000002

01/2020

Success

Visa

4000000000000028

01/2020

Failed

Visa

4000000000000069

01/2020

Unavailable

Mastercard

5200000000000007

01/2020

Success

Mastercard

5200000000000023

01/2020

Failed

Mastercard

5200000000000064

01/2020

Unavailable

3-D Secure


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.