3D Secure is an additional security layer for online credit and debit card transactions that adds an authentication step for customers making online purchases.
Enabling 3D Secure also allows you to accept credit cards that you could otherwise not accept due to restrictions (e.g. Maestro).
3D Secure is only compatible with credit card, debit card, and Visa Checkout transactions.
We currently support 3D Secure for most merchants in the US, Canada, Europe, Australia, and Asia Pacific regions. 3D Secure is not automatically enabled in production accounts for merchants outside of the EU. You can confirm if your account has been set up for 3D Secure in the Control Panel; learn more.
3D Secure is only compatible with certain configurations. If you’re unsure whether or not your configuration is compatible, contact us.
Most card brands have their own 3D Secure services. We support the following:
- Visa Secure and Verified by Visa
- American Express SafeKey
- Mastercard Identity Check and Mastercard Securecode
With Braintree, a 3D Secure Lookup is performed during the checkout process. If the cardholder is enrolled in 3D Secure, the issuing bank will decide whether the cardholder's identity can be verified using data supplied regarding the cardholder and their device, or if an additional authentication process is necessary. If additional authentication is necessary, the Braintree SDK will display a dialog box or iframe provided by the issuing bank that will prompt the cardholder to verify their identity. Identity verification mechanisms will vary per cardholder and issuing bank, but can include SMS one-time passcode, the issuing bank's mobile app, biometric recognition methods such as fingerprint or voiceprint, or other means.
3D Secure details and statuses for each transaction can be viewed in the Transaction Detail page in the Control Panel. The 3D Secure status code indicates whether or not the authenticated transaction resulted in a liability shift.
Depending on your pricing model, there may be an additional per transaction fee to process 3D Secure transactions. If you’re unsure which pricing model you’re on, contact us for fee information.
In certain cases, 3D Secure can shift liability for chargebacks due to fraud from you to the customer’s bank. Liability shifts for fraudulent chargebacks will be based on the transaction's status code. The following 3D Secure status codes will result in a liability shift:
You can learn more about these statuses in our developer docs.
In most instances, Maestro cards rely on using 3D Secure technology. While enabling 3D Secure does allow for more flexibility to accept Maestro cards, you can't use recurring billing with Maestro cards when 3D Secure is enabled.
Regardless of whether you have 3D Secure enabled on your account, you should never process a Maestro transaction by entering the card number directly in the Control Panel. Maestro transactions created in the Control Panel might initially appear to successfully settle, but they will eventually be rejected.
You can confirm that your account has been set up for 3D Secure in the Control Panel. To do this:
- Log into the Control Panel
- Click on the gear icon in the top right corner
- Click Business from the drop-down menu
- Scroll down to the Merchant Accounts section
- Click on the Merchant Account ID link for the account you'd like to verify
- If 3D Secure is successfully enabled, the following will be true:
- The 3D Secure 1.0 field will show as Enabled
- The 3D Secure 1.0 Card Types field will show the supported card type logos
American Express Safekey is not enabled automatically with 3D Secure, and is only available to merchants who process American Express via Amex Direct. Contact us to confirm your Amex setup and enable Safekey.
We have upgraded our 3D Secure integration in preparation for 3DS 2 and PSD2 Strong Consumer Authentication (SCA) compliance requirements.
Moving to 3DS 2 can help merchants transacting in the EU to increase conversions, meet SCA requirements, enhance fraud protection globally, and reduce friction during checkout for both web and mobile purchases. For more information, see the migration guide.