Authentication

3D Secure 2 Best Practices

3D Secure 2 Best Practices

Here are some best practices for leveraging 3D Secure 2 to its full potential.

1

Adopt a frictionless flow, where possible. To maximise the chances of your customers experiencing a frictionless payment…

Leverage data points. Ensure that you’re collecting and sending all of the recommended data points, such as device information, transaction history and customer behaviour. The more data the Issuer receives, the better, as it can help them to determine that the cardholder is legitimate and allow a frictionless flow.

The following parameters are to be sent in every 3D Secure authentication request:

  • Browser IP address
  • Cardholder name
  • Cardholder email address or phone number

As 3D Secure continues to evolve, updates are often made to the types of data points that need to be sent with every transaction. Keeping up to date with these changes can lead to higher approval rates and a better customer experience.

For more details on the mandatory data points and any updates check out our Docs here.

2

Benefit from Step-Up Authentication. If an Issuer is unsure whether a transaction is legitimate, a transaction may be soft declined. To tackle this and improve approval rates, one feature you can benefit from is step-up authentication.

With step-up authentication, if a transaction is soft declined the customer can be prompted to provide additional information such as an OTP. This sends additional data to the Issuer to help prove that the cardholder is legitimate, allowing the transaction to proceed successfully. Tips for step-up authentication:

  • Offer multiple authentication methods
    Provide customers with a variety of authentication options, such as SMS, OTP etc. This flexibility ensures that customers can complete the authentication in a way that is most convenient for them.
  • Optimise the step-up flow
    Ensure that the step-up flow is as seamless as possible. This means optimising the UI for mobile devices, reducing load times, and providing clear instructions to the customer.
3

Don’t forget to optimise for mobile. With the rise of mobile and app commerce, it is critical that your 3DS2 flow is optimised for mobile devices. This isn’t just about making sure that your payment page is responsive, it is ensuring that the entire authentication flow is smooth and user-friendly on smaller screens. Considerations for mobile optimisations include:

  • In-app authentication Do you have a mobile app? Consider implementing in-app 3DS2 authentication. This approach keeps the customer within the app during the authentication process, reducing the risk of drop-off.
  • Test across multiple devices
    Ensure that the 3DS2 flow works smoothly across a wide range of devices and operating systems.
4

Check if any of your transactions are exempt. Exempt transactions = you can choose to tell the card Issuer that you want these types of transactions to be exempt. Out of scope = these transactions won’t go through 3DS2 if you send data with the transactions that shows that they are out of scope. This list may evolve over time, but exemptions include:

  • Merchant-initiated transactions (MIT) / Recurring payments (out-of-scope)
  • Low-value payments (exempt)
  • Mail orders & Telephone orders (MOTO) (out-of-scope)
  • Low risk transactions (exempt)
  • Corporate payments, where a dedicated B2B payment method is used (exempt)

To enable or not enable? This really depends on your business. Just because you can make certain transactions exempt doesn’t always mean you should.

5

Monitor and optimise performance. It is crucial to continuously monitor performance and make updates as and when needed. Tips for optimising your 3DS2 flow include:

  • Monitoring approval rates Keeping an eye on your approval rates will be a key indicator if your flow is working well or needs adjusting. If you begin to notice a decrease in your approval rates, speak to your payment provider to explore possible causes and a solution.
  • A / B testing
    It can be tricky to find that balance between security and user experience. A / B testing can help determine which authentication methods and flows give the best conversion rates while keeping your transactions secure.
6

Stay compliant with regulations. Regulations regarding online payments and customer authentication are regularly updated, and can vary region by region. To remain compliant:

  • Understand local requirements Ensure that your 3DS2 implementation meets the specific requirements of the regions where your business is operating.
  • Update, as and when, regulations evolve
    It is important to stay informed and update your flows accordingly. Work with a payment provider that will keep you up-to-date with regulatory changes and ensure that you stay compliant.

By following these best practices, you can ensure that your 3D Secure 2 implementation will be both effective and customer-friendly.



Updated 03 Feb 2025
Did this page help you?
PREVIOUS
Liability Shift
NEXT
Simulate 3D Secure Test Flows
Docs powered by Archbee