3D Secure (3DS) with xMoney

3D Secure (3DS) is an additional authentication layer designed to protect online card payments from fraud, and is often required under the EU’s PSD2 (Payment Services Directive 2) for Strong Customer Authentication (SCA). By verifying a cardholder’s identity before the transaction is processed, 3DS helps reduce chargebacks and liability for fraudulent charges. xMoney supports the latest version, 3D Secure 2, which offers smoother user flows (frictionless) and a more dynamic challenge process when necessary.

Key Concepts

Frictionless Flow

In a frictionless flow, the cardholder is transparently authenticated in the background without needing extra input. This is possible if the issuer has enough data to trust the transaction. The shopper proceeds with payment seamlessly, often unaware that 3DS checks have taken place.

Challenge Flow

When the issuer (bank) or xMoney’s risk checks determine that additional verification is needed, the shopper is presented with a challenge (e.g., entering a one-time password or using a banking app). This ensures the person making the purchase is truly the cardholder.

Liability Shift

Successful 3DS authentication can shift liability for fraudulent transactions from the merchant to the card issuer. This protects you, the merchant, from certain types of chargebacks.

How 3DS Works in xMoney

  1. Payment Initialization: The customer starts a payment on your site or app.
  2. 3DS Determination: xMoney checks whether the card and transaction require 3DS.
     • If 3D Secure is not needed, the transaction proceeds without interruption.
     • If 3DS is needed, xMoney attempts a frictionless flow first.
  3. Frictionless or Challenge
     • Frictionless: The issuer trusts the transaction based on background data; no additional input is required from the shopper.
     • Challenge: The shopper must confirm their identity (e.g., by entering a code or using biometric authentication).
  4. Authorization
     • If authentication is successful (challenge passed or frictionless granted), xMoney proceeds with authorization.
     • If authentication fails or times out, the payment is typically declined.
  5. Completion
     • The shopper is redirected back to your success or failure page.
     • xMoney notifies your system of the final status via webhooks or direct response.

3DS Challenge Flow Chart

Below is a simplified representation of the challenge flow (3DS2):

[Figure: 3DS Flow]

Implementation Tips

  1. Use Our API: Ensure you capture any 3DS parameters required by xMoney when creating a payment session.
  2. Handle Callbacks & Webhooks: Watch for 3DS-specific events and final status updates (e.g., success or failure).
  3. Optimize for Frictionless: Provide comprehensive shopper and transaction data to xMoney so the issuer can confidently approve transactions without a challenge, whenever possible.
  4. Challenge UX: Provide clear instructions for the shopper when a challenge is triggered to avoid confusion or drop-offs.
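
The sketch below is an added example, not xMoney code. It shows one way a merchant backend can track the steps under "How 3DS Works in xMoney" so that an order is fulfilled only on the final server-side status, never on the shopper's redirect. The event names, the Order fields and the function names are hypothetical, and the code assumes each notification has already been authenticated as coming from xMoney.

```python
from dataclasses import dataclass, field

# Hypothetical event names, modelled on the five steps above.
# xMoney's real webhook payloads are not shown on this page.
TRANSITIONS = {
    "initialized": {
        "3ds_not_required": "authorizing",
        "3ds_frictionless": "authorizing",
        "3ds_challenge_started": "challenge",
        "3ds_failed": "declined",
    },
    "challenge": {
        "3ds_challenge_passed": "authorizing",
        "3ds_failed": "declined",
        "3ds_timeout": "declined",
    },
    "authorizing": {"authorized": "paid", "authorization_declined": "declined"},
}
FINAL = {"paid", "declined"}
AUTHENTICATED = {"3ds_frictionless", "3ds_challenge_passed"}

@dataclass
class Order:
    order_id: str
    state: str = "initialized"
    authenticated_3ds: bool = False  # keep for chargeback records
    seen: set = field(default_factory=set)

def apply_event(order, event_id, event_type):
    """Apply one server-side notification. Returns True if the state changed."""
    if event_id in order.seen or order.state in FINAL:
        return False  # duplicate delivery, or event after the final status
    nxt = TRANSITIONS[order.state].get(event_type)
    if nxt is None:
        return False  # unknown or out-of-order event: never skip a step
    order.seen.add(event_id)
    order.authenticated_3ds |= event_type in AUTHENTICATED
    order.state = nxt
    return True

def page_for_redirect(order, claimed_status):
    """Pick the return page. claimed_status comes from the browser and is
    shopper-controlled, so it is ignored; only server-side state counts."""
    return {"paid": "success", "declined": "failure"}.get(order.state, "pending")

def can_fulfil(order):
    return order.state == "paid"
```
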

Conclusion

Implementing 3D Secure with xMoney helps you reduce fraud and potentially shift liability for unauthorized transactions. Although 3DS can introduce extra steps for customers, the frictionless flow in 3D Secure 2 allows many transactions to proceed seamlessly. For more details on integrating 3DS, handling responses, and best practices, consult our developer documentation and ensure you’re prepared for both frictionless and challenge scenarios.