3-D Secure Flows

All 3-D Secure flows have the following steps; some flows require the validation step and some do not.
  • Setup: The initial service response includes a JSON Web Token (JWT) for secure communication with the merchant, a reference ID for use during authentication, and a URL for sending device data collected in the subsequent step.

  • Capture: Upon receiving device data at the specified URL, the protocol uses a Method URL to capture the full card number for bank identification. A small, invisible iframe is created in the browser, through which the merchant transmits the customer's device data using the provided access token.

  • Enroll: The bank conducts a risk assessment, leading to one of three outcomes:

    • Frictionless success for low-risk scenarios

    • Challenge required for moderate-risk scenarios

    • Frictionless failure or decline for high-risk scenarios

  • Validation: A validation check confirms the customer's successful authentication. This step is skipped for frictionless authentication and is only needed when additional verification (step-up authentication) is required.

  • Authorization: Once the customer is authenticated, the merchant must obtain authorization from the bank to finalize the transaction. (This is the authorization used in the Payments API, with the enrollment data obtained added to it.)
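
The step ordering above can be enforced server-side so that authorization is never requested after a challenge that was not validated, or after a frictionless failure. The following is an added example, not code from this documentation or from any payment SDK; the class, method and field names are assumptions chosen for illustration.

```python
from enum import Enum

class Outcome(Enum):  # the three Enroll results listed above
    FRICTIONLESS_SUCCESS = "frictionless_success"
    CHALLENGE_REQUIRED = "challenge_required"
    FRICTIONLESS_FAILURE = "frictionless_failure"

class FlowError(Exception):
    """Raised when a step is out of order or authorization is not allowed."""

class ThreeDSFlow:
    ORDER = ["setup", "capture", "enroll"]  # steps every flow runs, in order

    def __init__(self, reference_id):
        self.reference_id = reference_id  # reference ID from the Setup response
        self.completed = []
        self.outcome = None
        self.validated = False

    def step(self, name, outcome=None):
        if len(self.completed) >= len(self.ORDER) or name != self.ORDER[len(self.completed)]:
            raise FlowError(f"step {name!r} is out of order")
        if name == "enroll":
            self.outcome = Outcome(outcome)  # ValueError on an unknown outcome
        self.completed.append(name)

    def validate(self, authenticated):
        # Validation applies only to a challenge (step-up) outcome.
        if self.outcome is not Outcome.CHALLENGE_REQUIRED:
            raise FlowError("validation only applies after a challenge")
        self.validated = bool(authenticated)

    def next_step(self):
        if len(self.completed) < len(self.ORDER):
            return self.ORDER[len(self.completed)]
        if self.outcome is Outcome.FRICTIONLESS_FAILURE:
            return "decline"
        if self.outcome is Outcome.CHALLENGE_REQUIRED and not self.validated:
            return "validation"
        return "authorization"

    def authorize(self):
        if self.next_step() != "authorization":
            raise FlowError(f"cannot authorize: next step is {self.next_step()!r}")
        # Enrollment data to attach to the payment request (illustrative field names).
        return {"reference_id": self.reference_id, "outcome": self.outcome.value,
                "validated": self.validated}
```
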
