marcopolo Online payment
Sign up

The SCA guidelines come with a set of features that allow you to:

  • Implement the authentication step as a background process (the so-called frictionless flow), making it imperceptible for your customers. If needs be, you can also request the full authentication process (the so-called challenge flow).
  • Skip 3-D Secure altogether if certain conditions are met. We offer various features that allow this.

Learn here how to implement these features in a safe and compliant way.

Challenge/Frictionless flow

Whenever you send a card transaction request to our platform, two 3-D Secure authentication scenarios are possible:

  • Frictionless flow: You have provided enough information in the mandatory/recommended/optional properties about the cardholder in the transaction request itself. Hence, the cardholder’s issuer considers the risk of a fraudulent use of the credit card in question low. Consequentially, your card holder does not have to authenticate her/himself at the issuer’s site: There is no redirection to the issuer from our secure payment page (for Hosted Checkout Page transactions) or your check-out page (for Hosted Tokenization Page/Server-to-Server/Mobile integration method). By skipping this step in the transaction flow, the overall payment experience becomes a lot smoother.

    To enhance the chances of a frictionless flow, send as many recommended/optional properties in your request. Add optional parameter cardPaymentMethodSpecificInput.threeDSecure.challengeIndicator="no-challenge-requested" to your request.

    However, some issuers will still insist the card holder authenticate her/himself. This will result in a challenge flow.

  • Challenge flow: Regardless of what you have provided in the mandatory/recommended/optional properties about the cardholder, the issuer insist the cardholder authenticate her/himself. Consequentially, there is a redirection to the issuer from our secure payment page (for Hosted Checkout Page transactions) or your check-out page (for Hosted Tokenization Page/Server-to-Server/Mobile integration method).

    In some cases (especially when creating a token for recurring payments), you might want to enforce yourself the challenge flow. Add optional parameter:  cardPaymentMethodSpecificInput.threeDSecure.challengeIndicator=" challenge-requested" or "challenge-required" to your request.

Was this page helpful?

Do you have any comments?

Thank you for your response.