3-D Secure for Payflow
3-D Secure, also known as a payer authentication, is a security protocol created by Visa and Mastercard to help prevent online credit and debit card fraud. Payer authentication is based on the following three-domain (3-D) model:
- The issuer domain—(Card Issuers and Cardholders): Card issuers enroll and activate cardholder accounts to participate in the buyer authentication programs. The card issuer is responsible for authenticating the cardholder during the checkout process.
- The acquirer domain—(Acquirers and Merchants): Merchants communicate with Payflow to initiate the authentication process. Once authentication is completed, the authentication data is appended to the financial transaction sent to the gateway or processor.
- The interoperability domain—(Allows the Issuer Domain to interoperate with the Acquirer Domain): Payflow communicates with the various directory servers to facilitate communication between cardholder and issuer. Once the cardholder is redirected to the card issuer's authentication site, the cardholder is prompted for authentication credentials.
Payflow supports the following 3-D Secure protocols:
- Mastercard SecureCode
- American Express' SafeKey
- Discover's ProtectBuy, which includes JCB cards
3-D Secure authentication options with Payflow
Using Payflow, you can authenticate cardholders with the 3-D Secure protocol in one of two ways:
- Enable the Payflow Buyer Authentication service—Recommended for a simpler integration.
- Use a 3rd-Party Merchant Plug-in (MPI)—Requires you to collect authentication data using an MPI and passing that information to Payflow.
- For information about using 3-D Secure with Website Payments Pro and the
DoDirectPaymentoperation, refer to 3-D Secure for Website Payments Pro.