Conceal or skip 3-D Secure
The SCA guidelines come with a set of features that allow you to:
- Implement the authentication step as a background process (the so-called frictionless flow), making it imperceptible for your customers. If needs be, you can also request the full authentication process (the so-called challenge flow).
- Skip 3-D Secure altogether if certain conditions are met. We offer various features that allow this.
Learn here how to implement these features in a safe and compliant way.
Challenge/Frictionless flow
Whenever you send a card transaction request to our platform, two 3-D Secure authentication scenarios are possible:
-
Frictionless flow: You have provided enough information in the mandatory/recommended/optional properties about the cardholder in the transaction request itself. Hence, the cardholder’s issuer considers the risk of a fraudulent use of the credit card in question low. Consequentially, your card holder does not have to authenticate her/himself at the issuer’s site: There is no redirection to the issuer from our secure payment page (for Hosted Checkout Page transactions) or your check-out page (for Hosted Tokenization Page/Server-to-Server/Mobile integration method). By skipping this step in the transaction flow, the overall payment experience becomes a lot smoother.
To enhance the chances of a frictionless flow, send as many recommended/optional properties in your request. Add optional parameter cardPaymentMethodSpecificInput.threeDSecure.challengeIndicator="no-challenge-requested" to your request.
However, some issuers will still insist the card holder authenticate her/himself. This will result in a challenge flow.
- Challenge flow: Regardless of what you have provided in the mandatory/recommended/optional properties about the cardholder, the issuer insist the cardholder authenticate her/himself. Consequentially, there is a redirection to the issuer from our secure payment page (for Hosted Checkout Page transactions) or your check-out page (for Hosted Tokenization Page/Server-to-Server/Mobile integration method).
In some cases (especially when creating a token for recurring payments), you might want to enforce yourself the challenge flow. Add optional parameter: cardPaymentMethodSpecificInput.threeDSecure.challengeIndicator=" challenge-requested" or "challenge-required" to your request.