Authentication

Improving Authentication in your Payment Flow

In the 3D Secure 2 payment flow, the Issuer will make a decision on whether they have enough authentication data to proceed with the transaction, or if they require the cardholder to further authenticate the transaction with additional Strong Customer Authentication (SCA) checks.

The authentication request gathers the device and card details. Depending on the authentication data that is being sent, the response will determine whether:

  • The consumer is challenged for additional information.
  • The consumer is not challenged, the authentication is successful and the transaction continues.


Maximise the Frictionless Flow

To leverage the authentication data sent in your payment flow and maximise the chances of your consumers experiencing a frictionless payment, see below:

Data Points

Ensure that you’re collecting and sending all of the recommended data points. This includes:

  • Device Details
  • Browser IP address
  • Transaction history
  • Customer behaviour

As 3D Secure continues to evolve, updates are often made to the types of data points that need to be sent with every transaction. Keeping up to date with these changes can lead to higher approval rates and a better customer experience.

For more details on the mandatory data points, see Device Data Collection.



Recommended Fields

It is recommended to send the following parameters in every 3D Secure authentication request:

  • cardHolderName
  • emailAddress
  • mobileNumber


Exempt Transactions

Merchants can request specific Customer-Initiated-Transactions (CIT)s be exempt from strong customer authentication (EMV 3D Secure).

This has the benefit of reducing friction for your customers and related checkout drop-outs.

Judopay will not currently automatically apply for transaction exemptions on behalf of the merchant.

For more information on the available exemptions, see Exemptions to SCA.



Best Practices

Follow these best practices, to ensure that your 3D Secure 2 implementation will be both effective and customer friendly.

Step-Up Authentication

If an Issuer is unsure whether a transaction is legitimate, a transaction may be soft declined. To tackle this and improve approval rates, one feature you can benefit from is step-up authentication.

With step-up authentication, if a transaction is soft declined the customer can be prompted to provide additional information such as an OTP. This sends additional data to the Issuer to help prove that the cardholder is legitimate, allowing the transaction to proceed successfully. Tips for step-up authentication:

  • Offer multiple authentication methods
    Provide customers with a variety of authentication options, such as SMS, OTP etc. This flexibility ensures that customers can complete the authentication in a way that is most convenient for them.
  • Optimise the step-up flow
    Ensure that the step-up flow is as seamless as possible. This means optimising the UI for mobile devices, reducing load times, and providing clear instructions to the customer.


Optimise for Mobile

With the rise of mobile and app commerce, it is critical that your 3DS2 flow is optimised for mobile devices. This isn’t just about making sure that your payment page is responsive, it is ensuring that the entire authentication flow is smooth and user-friendly on smaller screens. Considerations for mobile optimisations include:

  • In-app authentication Do you have a mobile app? Consider implementing in-app 3DS2 authentication. This approach keeps the customer within the app during the authentication process, reducing the risk of drop-off.
  • Test across multiple devices
    Ensure that the 3DS2 flow works smoothly across a wide range of devices and operating systems.


Monitor and Optimise Performance

It is crucial to continuously monitor performance and make updates as and when needed. Tips for optimising your 3DS2 flow include:

  • Monitoring approval rates Keeping an eye on your approval rates will be a key indicator if your flow is working well or needs adjusting.
  • A / B testing
    It can be tricky to find that balance between security and user experience. A / B testing can help determine which authentication methods and flows give the best conversion rates while keeping your transactions secure.


Stay Compliant with Regulations

Regulations regarding online payments and customer authentication are regularly updated, and can vary region by region. To remain compliant:

  • Understand local requirements Ensure that your 3DS2 implementation meets the specific requirements of the regions where your business is operating.
  • Update, as and when, regulations evolve
    It is important to stay informed and update your flows accordingly. Work with a payment provider that will keep you up-to-date with regulatory changes and ensure that you stay compliant.



Updated 24 Feb 2025
Did this page help you?
PREVIOUS
How 3D Secure Works
NEXT
Exemptions to SCA
Docs powered by Archbee