Fraud Tools

3D Secureanchor

3D Secure is an additional security layer for online credit and debit card transactions that adds an authentication step for customers making online purchases.

Benefitsanchor

3D Secure is safer than processing cards normally, for you and your customers. By enabling 3D Secure alongside Braintree's fraud tools, you can reduce your risk of fraud and chargebacks.

Enabling 3D Secure also allows you to accept credit cards that you could otherwise not accept due to restrictions (e.g. Maestro).

note

Enabling 3D Secure does not prevent your business from being identified in the Visa Dispute Monitoring Program (VDMP). Learn more about the VDMP in our blog.

Compatibilityanchor

3D Secure is only compatible with credit card, debit card, and Secure Remote Commerce transactions.

We currently support 3D Secure for most merchants in the US, Canada, Europe, Australia, and Asia Pacific regions. Production accounts for merchants outside the EEA are not automatically enrolled in 3D Secure. You can confirm if your account has been set up for 3D Secure in the Control Panel; learn more.

3D Secure is only compatible with certain configurations. If you’re unsure whether or not your configuration is compatible, contact us.

Card brandsanchor

Most card brands have their own 3D Secure services. We support the following:

  • Visa Secure and Verified by Visa
  • American Express SafeKey
  • Mastercard Identity Check and Mastercard Securecode
  • Maestro
  • Discover ProtectBuy (including Diners Club)

Processinganchor

With Braintree, a 3D Secure Lookup is performed during the checkout process. If the cardholder is enrolled in 3D Secure, the issuing bank will decide whether the cardholder's identity can be verified using data supplied regarding the cardholder and their device, or if an additional authentication process is necessary. If additional authentication is necessary, the Braintree SDK will display a dialog box or iframe provided by the issuing bank that will prompt the cardholder to verify their identity. Identity verification mechanisms will vary per cardholder and issuing bank, but can include SMS one-time passcode, the issuing bank's mobile app, biometric recognition methods such as fingerprint or voiceprint, or other means.

3D Secure details and statuses for each transaction can be viewed in the Transaction Detail page in the Control Panel. The 3D Secure status code indicates whether or not the authenticated transaction resulted in a liability shift.

Feesanchor

Depending on your pricing model, there may be an additional per transaction fee to process 3D Secure transactions. If you’re unsure which pricing model you’re on, Contact us for fee information.

Chargebacksanchor

In certain cases, 3D Secure can shift liability for chargebacks due to fraud from you to the customer’s bank. Liability shifts for fraudulent chargebacks will be based on the transaction's status code. The following 3D Secure status codes will result in a liability shift:

  • authenticate_successful
  • authenticate_attempt_successful

You can learn more about these statuses in our developer docs.

important

Not all transactions processed with 3D Secure automatically shift liability – and a shift in liability does not always trigger automatic representation for the chargeback. You will still need to monitor your chargebacks and complete any action required for each one.

Maestro cardsanchor

In most instances, Maestro cards rely on using 3D Secure technology. While enrolling in 3D Secure does allow for more flexibility to accept Maestro cards, you can't use recurring billing with Maestro cards when enrolled in 3D Secure.

Regardless of whether your account is enrolled in 3D Secure, you should never process a Maestro transaction by entering the card number directly in the Control Panel. Maestro transactions created in the Control Panel might initially appear to successfully settle, but they will eventually be rejected.

Setupanchor

To start supporting 3D Secure, you’ll need to update your code via the API and then contact us to enroll.

Confirm setupanchor

You can confirm that your account has been set up for 3D Secure in the Control Panel. To do this:

  1. Log into the Control Panel
  2. Click on the gear icon in the top right corner
  3. Click Business from the drop-down menu
  4. Scroll down to the Merchant Accounts section
  5. Click on the Merchant Account ID link for the account you'd like to verify
  6. If your account is enrolled in 3D Secure, the following will be true:
    • The 3D Secure field will show as Enrolled
    • 3D Secure 1 or EMV 3D Secure 2 will be automatically selected based on which version is most likely to lead to successful authentication and authorization

Special note on Amexanchor

American Express Safekey is not enabled automatically with 3D Secure. Contact us to confirm your Amex setup and enable Safekey.

important

If you're based in the US and are using Amex SafeKey, there are additional setup and integration steps you will need to follow. First, you'll need to contact us to begin the setup process. Then, you'll need to update your integration.

3D Secure 2anchor

We have upgraded our 3D Secure integration in preparation for 3DS2 and PSD2 Strong Consumer Authentication (SCA) compliance requirements.

Moving to 3DS2 can help merchants transacting in the EU to increase conversions, meet SCA requirements, enhance fraud protection globally, and reduce friction during checkout for both web and mobile purchases. For more information, see the migration guide.