marcopolo Online payment
Sign up

Conceal or skip 3-D Secure authentication

The SCA guidelines come with a set of features that allow you to:

  • Implement the authentication step as a background process (the so-called frictionless flow), making it imperceptible for your customers. If needs be, you can also request the full authentication process (the so-called challenge flow).
  • Skip 3-D Secure altogether if certain conditions are met. We offer various features that allow this.

Learn here how to implement these features in a safe and compliant way.

Implement Challenge/Frictionless flow

Whenever you send a card transaction request to our platform, two 3-D Secure authentication scenarios are possible:

  • Frictionless flow: You have provided enough information in the mandatory/recommended/optional properties about the cardholder in the transaction request itself. Hence, the cardholder’s issuer considers the risk of a fraudulent use of the credit card in question low. Consequentially, your card holder does not have to authenticate her/himself at the issuer’s site: There is no redirection to the issuer from our secure payment page (for Hosted Checkout Page transactions) or your check-out page (for Hosted Tokenization Page/Server-to-Server/Mobile integration mode). By skipping this step in the transaction flow, the overall payment experience becomes a lot smoother.

    To enhance the chances of a frictionless flow, send as many recommended/optional properties in your request. Add optional parameter cardPaymentMethodSpecificInput.threeDSecure.challengeIndicator="no-challenge-requested" to your request.

    However, some issuers will still insist the card holder authenticate her/himself. This will result in a challenge flow.

  • Challenge flow: Regardless of what you have provided in the mandatory/recommended/optional properties about the cardholder, the issuer insist the cardholder authenticate her/himself. Consequentially, there is a redirection to the issuer from our secure payment page (for Hosted Checkout Page transactions) or your check-out page (for Hosted Tokenization Page/Server-to-Server/Mobile integration mode).

    In some cases (especially when creating a token for recurring payments), you might want to enforce yourself the challenge flow. Add optional parameter:  cardPaymentMethodSpecificInput.threeDSecure.challengeIndicator=" challenge-requested" or "challenge-required" to your request.

Find detailed information about these properties in our CreatePaymentAPI/CreateHostedCheckoutAPI.

To learn more about 3-D Secure statuses, read our dedicated article Understand 3-D Secure Statuses.

Was this page helpful?

Do you have any comments?

Thank you for your response.
Help & Info
API Info
Developer Tools
ANZ Worldline Payment Solutions means Worldline Australia Pty Ltd ACN 645 073 034 ("Worldline"), a provider of merchant solutions. Worldline is not an authorised deposit taking institution (ADI) and entry into any agreement with Worldline is neither a deposit nor liability of Australia and New Zealand Banking Group Limited ACN 005 357 522 ("ANZ") or any of its related bodies corporate (together "ANZ Group"). Neither ANZ nor any other member of the ANZ Group stands behind or guarantees Worldline.