🛡️ 3DS

What is 3DS?

3D Secure (3DS) is a security protocol used to enhance the security of online credit and debit card transactions. It adds an additional layer of authentication for card transactions, designed to protect against fraud.

Players Involved in 3DS

1. The merchant accepting the payment
2. The bank that issued the card to the cardholder
   The issuer is responsible for verifying the cardholder's identity during the 3D Secure authentication process
3. The payment networks
   Payment Networks like VISA, Mastercard, Amex, facilitate communication between all players involved

How does it work?

When an end-user submits a purchase, the payment network sends data about the purchase to Coinflow who forwards it to the issuer. This data could include the purchase value, transaction location, and other parameters associated with the user and the attempt for purchase. The issuing bank analyzes the risk of the transaction and decides whether to proceed with a frictionless or friction challenge. The bank's decision is sent back through the payment network to the merchant, which then displays the challenge to the end-user if required.

Frictionless Challenge

In a frictionless challenge, the bank uses the end-user's personal and purchase data to authenticate the transaction without user intervention. The user may not notice the authentication process, as the bank uses parameters such as location and previous transaction history to automatically validate the transaction. If authenticated, the bank sends approval back through the payment network, and the user can proceed with the purchase.

Friction Challenge

In a friction challenge, the banks require users to participate in the challenge to authenticate the purchase. The challenge may involve one or more authentication methods. Examples of what the banks will prompt the user to complete include:

• One-Time Passwords (OTP)
• Biometric Verification such as fingerprint or facial recognition
• Knowledge-Based Authentication where the cardholder answers security questions

Liability

If the end-user successfully completes the 3DS authentication process, or if they attempt to authenticate but is unable to complete the process due to issues from the issuing bank side, they assume the liability of the transaction if a chargeback is raised.

Enabling 3DS Purchases Above a Certain Threshold

Coinflow gives Merchants the ability choose a threshold to enable 3ds on purchases. When this is configured, 3ds challenges will only be triggered for purchases with amounts (after all fees) are at or above this threshold. Reach out to the Coinflow team if you'd like this enabled on your account.

How does 3DS work with Chargeback Protection?

After a user completes a 3DS challenge, the results are passed along to the chargeback protection provider. Chargeback protection offers an additional layer of fraud protection. The issuing bank only assumes liability for purchases classified under specific fraud codes. If a chargeback is raised and the dispute is not fraud-related, the issuing bank does not assume liability, and the chargeback protection provider will cover it.

Merchants opting for both 3DS and chargeback protection can override chargeback protection decisions with 3DS results. If a user passes a 3DS challenge but the chargeback protection decision rejects, the 3DS result can take precedence over the chargeback protection rejection so that the user can proceed with their purchase.

Benefits of 3D Secure

✅ Reduced Fraud
Additional authentication requirements with 3DS makes it harder for unauthorized users to make purchases with stolen card information

✅ Liability Shift
When 3D Secure is used, the liability for fraudulent chargebacks shifts from the merchant to the card issuer, providing merchants with additional protection

✅ Increased Customer Trust
Customers receive a sense of security, knowing that their transactions are protected

FAQ

Resources

• Example of Friction Challenge
• Example of Frictionless Challenge
• Chargeback related codes
• About Frictionless Challenges