3DSecure
3DSecure
WARNING
This article is incomplete. It may change significantly without any notice, so don't rely on any content you find here yet. Please check back later.
3D Secure (3DS, Three-Domain Secure) is a messaging protocol developed by EMVCo to provide a more secure online card payment process. TODO: Describe the legislative restrictions. If the card is enrolled into 3DS authentication additional information is required to decide whether the purchase is fraudulent or not. There are two different versions of the protocol:
- 3D Secure 1. version TODO: Describe the v1 process in a few words.
- 3D Secure 2. version is more sophisticated and uses additional information about the purchase, the shop and the cardholder to make the decision. This requires more input data but provides better flow with less friction.
TODO: Describe the deadlines and project milestones, when will what be available.
The payment follows these steps:
- The customer checks out from the merchant's website and decides to pay for the goods via Barion.
- Customer is redirected to the Barion Smart Gateway.
- Customer inputs it's card information and clicks the Pay button. (Until this point nothing changed)
- Barion checks whether the card the customer used is protected with 3DS authentication. The card could be either protected or not. If the card is not protected then nothing changes, the card authorization (charge) goes along as it would normally.
- If the card is protected
- with 3DS authentication v1.0, the v1 flow will be started:
- TODO: Describe the v1 process steps
- with 3DS authentication v2.0, the v2 flow will be started:
- Barion starts the 3DS authentication in the background. Sends a lot of relevant information about the purchase to the card issuer. From this information the issuer decides whether the payment is secure or should the customer be
- with 3DS authentication v1.0, the v1 flow will be started:
3D Secure 1.0
TODO: Describe the process
The second version of the protocol is meant to address the friction in the flow