Guides

3D Secure (3DS)

Reduce online payment fraud by authenticating cardholders with 3D Secure (3DS)

Suggest Edits

📘

3DS is in private beta

If you are interested in using 3DS, or want help with reducing fraud and chargebacks, please contact Rainforest Support.

What is 3D Secure?

3D Secure, also known as "3DS", is an authentication protocol that can help prevent fraud and chargebacks. When using 3DS, the cardholder is authenticated before they make a card payment. As a result, the platform is protected from chargebacks claiming that the card was used fraudulently.

User experience

In the newest version of 3DS, also called 3DS2, the customer always stays on your webpage. In many cases, they can be frictionlessly authenticated without requiring any cardholder action. In other cases, a 3DS challenge via a modal dialog will open over your page so that the customer can authenticate to their bank. Usually, the bank sends them a text message with a one-time passcode to enter into the modal.

Tradeoffs

While 3DS can be useful in preventing fraud and chargebacks, it also comes with several tradeoffs:

  • Each 3DS attempt, regardless of if the transaction is successful, incurs a cost from the card network and 3DS provider. You can pass these costs on to your merchants.
  • Some customers may abandon the authentication process or not be able to complete it, which may impact the conversion rate of your payments flows.
  • Not every bank and cards (including many international cards) support 3DS, so if you want to get fraud protection on all of your transaction, you may have to turn away some customers. Our strategy is to attempt 3DS authentication, but then fall back to a normal card payment when it isn't available.
  • The liability shift is limited to chargebacks with fraud reason codes only. Liability shift would not occur for other chargeback reason codes (ex: merchandise / service not received).

How 3DS works

When 3DS is requested, Rainforest will make a best-effort attempt to process a payin with 3DS protection.

Processing with 3DS protection

There are two scenarios Rainforest will attempt to process a payin with 3DS protection:

  1. Frictionless success - the request is authenticated frictionlessly without requiring any action from the cardholder.
  2. Challenge succeeded - the cardholder is presented with a 3DS challenge that they must complete successfully in order to continue with processing.

Once the 3DS attempt succeeds, Rainforest will continue to attempt to process the payin with 3DS protection. The payin will either successfully process or fail for other reasons. 3DS protection does not guarantee that the payin will process successfully.

Processing without 3DS protection

There are various scenarios when 3DS fails due to a frictionless failure, but the payment flow will continue to process without 3DS protection:

  1. Network issues
  2. Issuer does not support 3DS
  3. Card brand does not support 3DS
  4. Merchant not onboarded for 3DS

Once the 3DS attempt fails due to a frictionless failure, Rainforest will continue to attempt to process the payin without 3DS protection. As stated above, the payin will either successfully process or fail for other reasons.

3DS challenge failed

If the cardholder is presented with a 3DS challenge but they fail the challenge, then Rainforest will not attempt to process the payin and will immediately create a payin with the status of Failed.

The payin will include the following to indicate the cardholder failed the challenge:

  • Status: Failed
  • Refusal code: THREEDS_CHALLENGE_FAILED
  • Refusal desc: 3DS challenge failed.

The cardholder will be presented with an error message and asked to try again. You can attempt to process the payin again with the same payin config.


How merchants are onboarded to 3DS

Sandbox

In sandbox, all merchants are automatically onboarded to 3DS. If 3DS is requested, then a simulated 3DS challenge flow will display in the Payment Component.

Production

In production, each merchant will need to be onboarded to 3DS by Rainforest. Contact your Customer Success Manager for more information on this process.

The merchant is onboarded to each card brand for 3DS processing. The onboarding process is an asynchronous process that does not provide real time feedback when the onboarding request is completed. The only indicator that a merchant was successfully onboarded to the card brand is when 3DS is attempted and succeeds.

American Express, Discover, Mastercard

The merchant will be boarded to American Express, Discover, and Mastercard typically within 1-2 business day of the merchant activating.

Visa

The merchant will be boarded to Visa once the merchant has met certain requirements by Visa. Boarding time to Visa is typically 2-4 weeks after the merchant is activated and processing Visa payments.

Merchant onboarding details

The merchant 3DS onboarding details can be viewed in the Rainforest Portal under the 3DS Onboarding section in the merchant details and in the API on the get merchant endpoint. The following details will be provided for each card brand:

  • Onboarded: date and time the merchant was boarded to the card brand
  • Verified: date and time the merchant successfully ran 3DS with the card brand for the first time
3DS onboarding details seen on the merchant details

3DS onboarding details seen on the merchant details

Merchant pending onboarding

If 3DS is requested but the merchant is not boarded to 3DS for that card brand, Rainforest will continue to run the payment without 3DS protection.


How to enable 3DS

3DS for card payments

→ Head over to the 3D Secure card payments guide on how to process payments with 3DS protection utilizing the Rainforest Payment Component.

3DS for payins on stored payment methods

→ Head over to the 3D Secure for stored payment methods guide on how to run 3DS when processing payments on stored payment methods.

Updated about 1 month ago

What’s Next