🛡️ 3DS

Learn how 3DS can enhance security of card transactions.

What is 3DS?

3D Secure (3DS) is a security protocol used to enhance the security of online credit and debit card transactions. It adds an additional layer of authentication for card transactions, designed to protect against fraud.

Players Involved in 3DS

  1. The merchant accepting the payment
  2. The bank that issued the card to the cardholder
    The issuer is responsible for verifying the cardholder's identity during the 3D Secure authentication process
  3. The payment networks
    Payment Networks like VISA, Mastercard, Amex, facilitate communication between all players involved

How does it work?

When an end-user submits a purchase, the payment network sends data about the purchase to Coinflow who forwards it to the issuer. This data could include the purchase value, transaction location, and other parameters associated with the user and the attempt for purchase. The issuing bank analyzes the risk of the transaction and decides whether to proceed with a frictionless or friction challenge. The bank's decision is sent back through the payment network to the merchant, which then displays the challenge to the end-user if required.

Frictionless Challenge

In a frictionless challenge, the bank uses the end-user's personal and purchase data to authenticate the transaction without user intervention. The user may not notice the authentication process, as the bank uses parameters such as location and previous transaction history to automatically validate the transaction. If authenticated, the bank sends approval back through the payment network, and the user can proceed with the purchase.

Friction Challenge

In a friction challenge, the banks require users to participate in the challenge to authenticate the purchase. The challenge may involve one or more authentication methods. Examples of what the banks will prompt the user to complete include:

  • One-Time Passwords (OTP)
  • Biometric Verification such as fingerprint or facial recognition
  • Knowledge-Based Authentication where the cardholder answers security questions


If the end-user successfully completes the 3DS authentication process, or if they attempt to authenticate but is unable to complete the process due to issues from the issuing bank side, they assume the liability of the transaction if a chargeback is raised.

Enabling 3DS Purchases Above a Certain Threshold

Coinflow gives Merchants the ability choose a threshold to enable 3ds on purchases. When this is configured, 3ds challenges will only be triggered for purchases with amounts (after all fees) are at or above this threshold. Reach out to the Coinflow team if you'd like this enabled on your account.

How does 3DS work with Chargeback Protection?

After a user completes a 3DS challenge, the results are passed along to the chargeback protection provider. Chargeback protection offers an additional layer of fraud protection. The issuing bank only assumes liability for purchases classified under specific fraud codes. If a chargeback is raised and the dispute is not fraud-related, the issuing bank does not assume liability, and the chargeback protection provider will cover it.

Merchants opting for both 3DS and chargeback protection can override chargeback protection decisions with 3DS results. If a user passes a 3DS challenge but the chargeback protection decision rejects, the 3DS result can take precedence over the chargeback protection rejection so that the user can proceed with their purchase.

Codes the card issuing bank will assume liability for.  
Takeaways by [PAAY](https://www.paay.co/)

Codes the card issuing bank will assume liability for.
Takeaways by PAAY

Overriding Chargeback Decisions with 3DS

By default, any purchase with a rejected chargeback protection status will be overridden by a 3ds decision. This is only valid for merchant accounts that have opted in for chargeback protection. Merchants can request to disable this default override setting. Reach out to the Coinflow team for further assistance.

Benefits of 3D Secure

Reduced Fraud
Additional authentication requirements with 3DS makes it harder for unauthorized users to make purchases with stolen card information

Liability Shift
When 3D Secure is used, the liability for fraudulent chargebacks shifts from the merchant to the card issuer, providing merchants with additional protection

Increased Customer Trust
Customers receive a sense of security, knowing that their transactions are protected


Why don't I see a 3DS badge next to a purchase that was rejected by chargeback? If you have not requested to disable 3DS overrides and you see a purchase that has been rejected by chargeback, the end-user has abandoned the challenge. Thus, no 3DS decision has been made and can't override the rejection.

How do I know if a 3ds purchase went through a friction or frictionless challenge? 3DS purchases will have a 3DS badge next to the status.
If you see a magic wand (🪄), that means the 3Ds authentication was frictionless.
The sword (⚔️) means that it was a friction challenge and that the user passed the challenge.