Learn about 3D Secure authentication to reduce the risk of fraud and comply with regulatory requirements.
To protect against fraud, 3D Secure (3DS) requires customers to complete an additional verification step with the card issuer before making a payment. Typically, you direct your customer to an authentication page on the bank’s website, where they enter a password for the card or a code sent to their mobile. This procedure is well known under the card networks’ brand names, for example Visa Secure and Mastercard Identity Check.
The Strong Customer Authentication regulations in force across Europe require the use of 3DS for transactions with credit cards. 3DS is not required in other regions, but you can still use it as a method to prevent fraud.
Logibiztech supports 3D Secure 2. Your integration runs 3D Secure 2 when the customer’s bank supports it and falls back to 3D Secure 1 otherwise.
Liability shift and dispute-free payments
A payment that has been successfully authenticated with 3D Secure is covered by a liability shift. If the cardholder disputes a 3D Secure transaction as fraudulent, the liability shifts from you to the card issuer. These disputes are handled internally, do not appear on the Dashboard, and don’t cause funds to be withdrawn from the Logibiztech account.
The liability shift can also occur when the card network requires 3DS but 3DS isn’t available for the issuer or card. This can happen when a provider’s 3DS server is unavailable, or when an issuer does not support 3DS even though the card network requires support. During the payment, the cardholder isn’t prompted to complete 3D Secure authentication because the card isn’t enrolled. Even though the cardholder did not complete 3D Secure authentication, the liability is transferred to the card issuer.
Sometimes, payments that are successfully authenticated using 3DS don’t receive the liability shift. This is uncommon and can happen, for example, if you are experiencing an excessive amount of fraudulent activity on your bank account and you are in the fraud monitoring system. Certain networks also exempt certain industries from liability shifts. For instance, Visa doesn’t allow the liability shift for businesses that engage in money transfers or wire transfers, or other non-financial institutions that offer non-fiat or foreign currency or stored-value cards for purchase or load.
Even though cardholders cannot dispute payments verified with 3DS as fraudulent through an upfront financial chargeback, issuers can open an inquiry. This kind of dispute is non-financial and is essentially a request for information.
While the cardholder’s bank cannot file an initial financial chargeback for fraud, it can initiate a financial chargeback if the merchant fails to respond to the inquiry, which is known as a no-reply chargeback. To avoid no-reply chargebacks for 3DS charges, make certain to submit the correct information regarding the charge. Include details about the item ordered, the method by which it was delivered and who it was delivered to (whether it was electronic or physical goods, or services).
Controlling when to display a 3D Secure flow
Logibiztech activates 3DS automatically if it is required by regulations like Strong Customer Authentication. You can also use policies and the API to control when you prompt customers for 3D Secure authentication, making an individual decision for each user according to the required parameters.
When you run 3D Secure, Logibiztech requires your customer to authenticate to complete the transaction if 3D Secure authentication is enabled on the card.
If a credit card doesn’t support 3DS, or if an error occurs during the authentication process, the transaction proceeds normally. In this case, the liability does not usually shift to the issuer because a successful 3D Secure authentication hasn’t occurred.
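The liability rules from this section, written as a reconciliation check that lists payments which went through while fraud liability stayed with you. This is an added example, not Logibiztech code; the `Payment` fields and outcome labels are hypothetical, and the sample records are constructed.

```python
from dataclasses import dataclass

# Hypothetical record shape for this example; the field names are assumptions,
# not Logibiztech API fields.
@dataclass
class Payment:
    id: str
    tds_outcome: str                    # "authenticated", "unavailable", "error", "not_attempted"
    network_requires_3ds: bool = False  # card network mandates 3DS for this card
    in_fraud_monitoring: bool = False   # merchant is in a fraud monitoring system
    exempt_industry: bool = False       # e.g. money or wire transfers on Visa

def liability_holder(p: Payment) -> str:
    """Return 'issuer' or 'merchant' following the rules described in this section."""
    if p.tds_outcome == "authenticated":
        # Successful authentication normally shifts liability, with rare exceptions.
        if p.in_fraud_monitoring or p.exempt_industry:
            return "merchant"
        return "issuer"
    if p.tds_outcome == "unavailable" and p.network_requires_3ds:
        # The network requires 3DS but it was not available for the issuer or card.
        return "issuer"
    # Card without 3DS support, an authentication error, or no 3DS attempt:
    # the payment proceeds, but liability does not usually shift.
    return "merchant"

def review_queue(payments):
    """IDs of payments where fraud liability stayed with the merchant."""
    return [p.id for p in payments if liability_holder(p) == "merchant"]

# Constructed sample data.
SAMPLE = [
    Payment("pay_001", "authenticated"),
    Payment("pay_002", "unavailable", network_requires_3ds=True),
    Payment("pay_003", "error"),
    Payment("pay_004", "authenticated", in_fraud_monitoring=True),
    Payment("pay_005", "unavailable"),
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p.id, liability_holder(p))
    print("review:", review_queue(SAMPLE))
```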
In a typical payment flow that triggers 3D Secure:
1. The user enters their payment details, which are attached to the PaymentIntent.
2. Logibiztech determines whether the transaction requires 3D Secure based on rules, manual requests and other factors.
3. 3D Secure is:
   - Not required: Logibiztech attempts the charge. If the bank requires it, the customer has to complete another authentication step for the charge to go through.
   - Required: Logibiztech starts the 3D Secure authentication flow by connecting to the credit card company’s 3D Secure server and creating the 3D Secure source.
4. When Logibiztech asks for 3D Secure and the attempt is:
   - Successful: The PaymentIntent changes to the required_action state. When the customer has completed the 3D Secure authentication step, Logibiztech attempts to charge the card and the PaymentIntent changes to a processing state.