3-D Secure is a term for a group of systems, that increases the security in the payment process.
In most cases 3-D Secure is an extra step, where the cardholder enters a number, sent to their mobile phone as a part of the purchase.
The technology 3-D Secure is marketed under names such as, “Mastercard SecureCode”, “Verified by Visa” and “Secured by Nets” for Mastercard, Visa and Dankort.
3-D Secure acts as an extra layer of security for the merchant, that to a greater extent can make sure that the buyer is the actual cardholder. For Mastercard SecureCode og Verified by Visa there is also a liability shift, where it becomes the cardholders responsibility in the case of a chargeback.
No extra agreements need to be made, with neither Quickpay or the acquirer to use 3-D Secure.
Payment without 3-D Secure
Payment with 3-D Secure
There are two ways to set up 3-D Secure
With payment methods all payments are redirected to 3-D Secure. Payment methods are set through the settings in your integration (e.g. module-settings or in the actual code) or through Default payment methods in the Quickpay Manager.
With fraud filter it is possible to set up rules, that define when a payment should be redirected to 3-D Secure. This is set up through the Quickpay Manager.
“Payment methods” controls which payment methods that are available in the payment window.
By settings “3d” before the payment method, all payments will automatically be send through 3-D Secure. For example, if all card payments should go through 3-D Secure
"payment_methods" = "3d-creditcard"
In most shop systems there is a field in the Quickpay module settings to specify the payment methods.
If it is not possible to set up the payment methods in your integration, you can set up a default value that will be used if no other is specified.
This can be done in the Quickpay Manager, under Settings > Integration
Using the Fraud filter it is possible to set up rulesets, that specify if a payment should be sent through 3-D Secure.
This can be done by setting the action to “Force 3-D Secure”
Regularly, 3-D Secure requires the cardholder to confirm their identity in the payment flow. This is however not always the case.
If e.g. the card issuer (the cardholders bank) does not support 3-D Secure, the payment can still be authorized as a 3-D Secure payment, without the cardholder’s identity being confirmed. In most cases there will still be a liability shift, where the responsibility instead will shift to the card issuer.
"3d_secure_status": "Y" means that the cardholder has confirmed their identity.
"3d_secure_status": "A" means that 3-D Secure has been attempted and completed, but the cardholder has not confirmed their identity.
Even though MobilePay Online actually is an 2 way authentication, it is not part of the 3-D Secure term.
If you are using Shopify it is necessary to use Quickpay’s payment window to use 3-D Secure. Shopify’s own payment window cannot handle 3-D Secure.