3-D Secure, or 3DS for short, is supported by Visa (Verified by Visa), MasterCard (MasterCard SecureCode), American Express (SafeKey) and Diners Club (ProtectBuy). Merchants who offer the 3-D Secure procedure benefit from increased security as regards credit card acceptance and also suffer fewer payment defaults thanks to the liability shift. Here, it is not relevant whether the cardholder (CH) participates in the procedure or not.
The 3-D Secure procedure can only be used for online payments. Cardholders who participate in the procedure must identify themselves to the card-issuing bank (issuer) during the payment process.
Payments processed by the merchant using 3-D Secure must be specially marked. The liability shift only applies upon the relevant security features being sent to the credit card company with the authorization.
The Saferpay Merchant Plug-In, or MPI for short, supports the necessary interactions and the data exchange between the involved systems. The JSON API handles this step in automated fashion via the transaction interface (Initialize) and the payment page, so no additional integration work is required. The CH is authenticated using a web form, which is hosted by the issuer or a service provider acting on its behalf. The CH thus must have an Internet connection in order to complete the 3-D Secure authentication process.
- The merchant sends the credit card data to Saferpay together with the relevant payment data.
- Saferpay checks whether the CH participates in the 3-D Secure procedure or not. If the CH does, the CH is required to identify himself to his bank. Should the CH choose not to participate, the payment is made without the authentication process.
- The 3-D Secure query is forwarded to the card-issuing bank via the Internet browser of the CH. The CH must identify himself using a password, certificate or another method.
- The result of this check (authentication) is sent back to Saferpay via the client's Internet browser.
- Saferpay checks the result and ensures that there has been no manipulation. The payment can be continued upon the authentication process being successfully completed.
- Saferpay links the MPI data to the token used by the JSON API and automatically requests the data to enable the card to be authorized.