3D Secure 2 Payment Flow
In the 3D Secure 2 payment flow, the Issuer will make a decision on whether they have enough authentication data to proceed with the transaction, or if they require the cardholder to further authenticate the transaction with additional Strong Customer Authentication (SCA) checks.
The following example takes you through the payment flow using paymentSession to authenticate the transaction.
1. Create a /paymentsession. Use the reference returned from the response to populate the request header in Step 2.
2. Send the authorisation request, with the /payments request header populated with the reference received in the /paymentsession response. This step:
   - Checks if the card is enrolled to support 3D Secure 2.
   - Gathers the Device and Card Details.
   The response will determine whether:
   - The consumer is challenged for additional information.
   - The consumer is not challenged, the transaction continues and the consumer is redirected to the outcome screen.
3. If the consumer is challenged in order to process the transaction, the 3D Secure 2 challenge screen is presented to the consumer to enter a code or password.
   - You will be notified via your webhook URL when the consumer has successfully completed the challenge screen.
   - Resume the transaction flow by calling the /resume3ds endpoint.
4. Authorisation complete. The consumer is redirected to the outcome screen.
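The ordering of the steps above matters on the merchant server: /resume3ds should only be called for a reference whose challenge the webhook has reported as completed. The following is an added example, not code from the payment provider; it makes no HTTP calls, and the class, method names, the `challenged` flag and the sample references are assumptions, since the page does not give header or response field names.

```python
from enum import Enum, auto

class State(Enum):
    SESSION_CREATED = auto()      # /paymentsession returned a reference
    AWAITING_CHALLENGE = auto()   # /payments response: consumer is challenged
    CHALLENGE_COMPLETED = auto()  # webhook reported the challenge as completed
    COMPLETE = auto()             # authorisation complete, show outcome screen

class FlowError(Exception):
    """Raised when an event arrives out of order or for an unknown reference."""

class ThreeDS2Flow:
    """Tracks each payment by its /paymentsession reference (hypothetical helper)."""

    def __init__(self):
        self._state = {}

    def _expect(self, ref, wanted):
        current = self._state.get(ref)
        if current is not wanted:
            raise FlowError(f"{ref!r}: expected {wanted.name}, got {current}")

    def session_created(self, ref):
        if ref in self._state:
            raise FlowError(f"{ref!r}: reference already in use")
        self._state[ref] = State.SESSION_CREATED

    def payment_response(self, ref, challenged):
        # Step 2: the /payments response decides challenge vs. frictionless.
        self._expect(ref, State.SESSION_CREATED)
        self._state[ref] = State.AWAITING_CHALLENGE if challenged else State.COMPLETE
        return self._state[ref]

    def webhook_challenge_completed(self, ref):
        # Step 3: accepted only for a reference that is actually awaiting a challenge,
        # so unknown or replayed notifications are rejected.
        self._expect(ref, State.AWAITING_CHALLENGE)
        self._state[ref] = State.CHALLENGE_COMPLETED

    def may_resume(self, ref):
        # Gate the /resume3ds call on the webhook, not on the browser returning.
        return self._state.get(ref) is State.CHALLENGE_COMPLETED

    def resumed(self, ref):
        # Record that /resume3ds was called; a second call for the same ref fails.
        self._expect(ref, State.CHALLENGE_COMPLETED)
        self._state[ref] = State.COMPLETE
        return self._state[ref]
```
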
3D Secure 2 introduces frictionless authentication, which allows the transaction to be approved without the need for the cardholder to enter additional authentication details.
The acquirer, issuer, and card scheme are able to exchange the necessary information in the background, using the device data.
If additional SCA checks are required from the cardholder, the transaction will follow the challenge flow.
An iframe (or similar prompt) will be presented to the cardholder to input additional authentication (something the cardholder knows, has or is),