3DS and PSD2

An overview of 3DS Checks and Payment Services Directive 2 (PSD2)

PSD2 is a regulatory requirement intended to increase protection against fraud for online purchases.

What is 3DS?

3DS (Three-Domain Secure) checks, also referred to as 3D Secure checks, are an additional layer of security for eCommerce payments. This protocol is specifically designed to authenticate the cardholder during online transactions.

The purpose of 3DS checks is to reduce the risk of fraudulent transactions and provide increased security for both merchants and cardholders. Whenever a customer makes an online payment, the 3DS process verifies the transaction by authenticating the cardholder's identity. It does so by utilizing a combination of information and authentication methods.

Here's a brief overview of how 3DS checks work:

  1. Initiation: When a customer proceeds to make a payment on an eCommerce website, the merchant's payment gateway initiates the 3DS process.

  2. Redirection: The customer is redirected to the card issuer's authentication page, which may appear in a pop-up window or as a separate webpage.

  3. Authentication: The cardholder is prompted to provide additional information for authentication. This can include a One-Time Password (OTP), a PIN, or biometric verification, depending on the card issuer's implementation.

  4. Authorisation: The card issuer validates the authentication information provided by the cardholder and sends a response back to the merchant indicating whether the transaction is authorised or requires further action.

  5. Completion: The merchant's payment gateway receives the authorisation response from the card issuer. Based on this response, the transaction is either completed, declined, or marked for additional review.

Merchants can reduce their liability for chargebacks and avoid fraudulent transactions by implementing 3DS checks. This method provides an additional layer of protection by confirming the identity of the cardholder, making it more challenging for unauthorized individuals to make fraudulent payments.

It's important to note that the implementation and requirements of 3DS checks may vary based on the card issuer, payment gateway, and the version of 3DS used (such as 3DS1 or 3DS2). Our payment gateway uses 3DS2.

What is PSD2?

Payment Services Directive 2 is the latest version of regulations for the card payments industry in the European Economic Area (EEA). The directive aims to increase the safety of cardholder data, especially for online transactions.

What's the deadline for the enforcement of these regulations?

March 2022 is the deadline for ECOM (eCommerce) payments made without customer authentication. Any such payments will be declined automatically.

What do I need to do?

If you accept card payments on physical terminals for face-to-face transactions, these should already be compliant with PSD2 through the use of Chip and PIN payments and contactless payments (including Apple Pay, Android Pay, etc.). No further action is needed at this time.

If you accept payments online through a sales platform or payment gateway (e.g. Blink, Sage Pay, Acturis, Realex), you need to make sure your web transactions are set up with 3D Secure authentication checks. These should appear as part of every transaction's authorisation details. If you do not currently have these checks in place, please contact your gateway provider to get this updated.

Over-the-phone transactions (often called MOTO: mail order/telephone order) are exempt from this directive. To increase the security of your MOTO payments, please ensure you are set up for address checking and security code checking. These are often called AVS (Address Verification Service) and CVV/2 (Card Verification Value) checks on a virtual terminal. You may need to add these as a rule for your MOTO transactions if they are accepted through a virtual terminal, or ask your terminal provider to adjust the settings of your physical terminal to add address and postcode checks.

Contact our support team if you have any questions.

What do I need to do if I use Blink?

For ECOM payments via Blink (Blink Page or Pay Links), we have mass-enrolled all of our merchants for 3DS checks.

What do I need to do if I use Opayo/Sage Pay?

Opayo have mass-enrolled all merchant IDs under us for 3DS checks. This does not, however, mean that they are turned on, as merchants have full control over their own 3DS settings in Opayo. To amend the 3DS checks, follow the steps advised in the following link: https://www.opayo.co.uk/support/28/36/activating-adding-a-3d-secure-rule.

Don’t hesitate to reach out to our support team if you have any additional questions.