Legacy 3D Secure

Overview

Note

We have upgraded our 3D Secure integration in preparation for 3DS2 and PSD2 Strong Consumer Authentication (SCA) compliance requirements in 2019.

This guide shows our legacy integration for 3D Secure. To use 3DS2 instead:

3D Secure benefits cardholders and merchants by providing an additional layer of verification. During the checkout process, a lookup is performed to determine if the cardholder is enrolled in 3D Secure and whether they will need to authenticate the transaction. If authentication is necessary, the Braintree SDK will display a web page provided by the card issuer. This page verifies the cardholder's identity, usually by asking them to enter a password. Learn more about 3D Secure processing in our support article.

How it works

In addition to helping fight fraudulent card use, 3D Secure can shift liability for chargebacks due to fraud from the merchant to the card issuer. For example, if the card issuer does not participate in 3D Secure but the card brand supports this extra protection (i.e. Visa or Mastercard), the liability will shift to the card issuer.

3D Secure does not shift liability for all fraudulent chargebacks. You can determine whether liability shift occurred from the 3D Secure status code returned for the authentication.

Payment flow

On the client side:

  • Generate a client token
  • Render a checkout page to collect customer payment information
  • Verify the credit card amount
  • The customer may be prompted to authenticate using their bank login credentials if they are enrolled in 3D Secure and the card-issuing bank either always requires password authentication or has identified the transaction as risky

On the server side:

  • If the authentication is completed successfully or none was required, use the returned nonce to create a transaction.
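The server-side step above amounts to a gate in front of transaction creation. The following is an added example, not code from this guide or from the Braintree SDK; the `ThreeDSResult` record, its two boolean fields and the `decide` function are assumptions made for illustration, and the sample outcomes are constructed.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Decision(Enum):
    CREATE_WITH_SHIFT = "create transaction, liability shifted to issuer"
    CREATE_NO_SHIFT = "create transaction, merchant keeps liability"
    REJECT = "do not create transaction"


@dataclass(frozen=True)
class ThreeDSResult:
    """Hypothetical server-side view of the 3D Secure outcome for a nonce."""
    liability_shift_possible: bool  # card was eligible for a liability shift
    liability_shifted: bool         # authentication actually shifted liability


def decide(result: Optional[ThreeDSResult], require_shift: bool = False) -> Decision:
    # No 3D Secure data at all: the nonce never went through the lookup
    # (for example, the client skipped verification). Fail closed.
    if result is None:
        return Decision.REJECT
    # Inconsistent record: "shifted" without "possible". Fail closed.
    if result.liability_shifted and not result.liability_shift_possible:
        return Decision.REJECT
    if result.liability_shifted:
        return Decision.CREATE_WITH_SHIFT
    # Assumption: a shift that was possible but did not happen means the
    # cardholder failed or abandoned authentication.
    if result.liability_shift_possible:
        return Decision.REJECT
    # No authentication was required; liability stays with the merchant,
    # so the merchant's own policy decides whether to proceed.
    return Decision.REJECT if require_shift else Decision.CREATE_NO_SHIFT


# Constructed sample outcomes, not real gateway responses.
SAMPLES = {
    "authenticated": ThreeDSResult(True, True),
    "failed_or_abandoned": ThreeDSResult(True, False),
    "not_required": ThreeDSResult(False, False),
    "no_lookup": None,
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(f"{name:20s} -> {decide(sample).value}")
```

The decision is made from data the server obtains itself, never from a success flag sent by the browser or app.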
