Let's Talk
Featured Partners

Celeris: Awarded MPE’s Best Payment Orchestration Platform of 2024

Learn how we built businesses for others

Verifi a visa solution

Verifi specializes in dispute management, aiding sellers in revenue retention and cost reduction from banks.

Ethoca

Ethoca provides award-winning fraud prevention, dispute resolution solutions and empowering global businesses with collaboration-based intelligence.

PayPal

PayPal is the faster, safer way to send and receive money or make an online payment. Get started and create a merchant account to accept payments.

Cybersource

Cybersource crafts innovative commerce solutions, delighting customers and driving global growth with creative experiences.

  • Resource
  • /
  • The Complete Guide to 3D Secure Authentication

Recommended Articles

Share This Post

The Complete Guide to 3D Secure Authentication

By Chinmay Jain on 11/07/2025

what is payment orchestration

Online payment fraud isn’t slowing down. As digital commerce scales, so do the risks of online payment fraud, according to a Juniper Research market forecast report on online payment fraud, predicting that merchants’ losses will exceed $360 billion by 2028 due to online payment fraud.

Yet, many businesses, especially e-merchants, still rely on outdated verification methods or none at all. This exposes them to security threats, data breaches, poor user experiences, and regulatory non-compliance, which can lead to fraud, chargebacks, false declines, and lost revenue.

That’s where 3D Secure (3DS) authentication comes into play. Developed and introduced by Visa and licensed to Mastercard, it adds an extra layer of security to all card transactions by enabling two-step verification through OTP, fingerprints, and facial recognition.

In this guide, we’ll explore everything one needs to know about 3D Secure Authentication, including what it is, how it works, and how the evolution from 3DS1 to 3DS2 has significantly impacted merchants dealing with fraud and compliance.

TL;DR: Everything You Need to Know About 3D Secure

What is 3D Secure? 3D Secure is a payment authentication protocol that adds an extra layer of security to online card transactions by verifying the cardholder’s identity through their bank.

Key Benefits:

  • It shifts fraud liability from merchants to card issuers for authenticated transactions.

  • Meets PSD2 Strong Customer Authentication (SCA) requirements in Europe.

  • It improves approval rates with 3DS2’s frictionless authentication (up to 85% of transactions).

  • It reduces online payment fraud by up to 70% (based on industry data from major payment processors).

Latest Version: 3DS 2.3.1 was released in October 2022, offering enhanced mobile support, improved risk analysis, and a better user experience compared to the legacy 3DS 1.

What Merchants Need to Know: 3DS2 implementation will be essential for merchants processing online payments in 2025, whether you operate an e-commerce store or subscription services. It provides improved security and regulatory compliance without lowering conversion rates.

What is 3D Secure?

3D Secure (3DS) is a payment authentication protocol created by the major card network Visa and also adopted by Mastercard. Its primary purpose is to help reduce online payment fraud. When enabled, it adds an extra layer of security (two-step verification) to card transactions, verifying the cardholder’s identity using methods such as one-time passwords (OTP), fingerprint, or facial recognition.

The “3D” in 3D Secure refers to the three domains involved in the authentication process:

  • Acquirer Domain The merchant’s bank or payment processor.

  • Issuer Domain The bank that issued the customer’s card.

  • 3DS Infrastructure Domain The card network (e.g., Visa, Mastercard)

How 3D Secure Works?

....

When a customer proceeds to checkout and makes a payment online, here’s what happens behind the scenes:

Step 1: Transaction Initiation: Customer enters card details and clicks “Pay”.

Step 2: Risk Assessment: The issuing bank analyses transaction data using machine learning algorithms to determine fraud risk.

Step 3: Authentication Decision:

  • Low Risk: Transaction proceeds without customer intervention (frictionless flow).

  • High Risk: Customer is redirected to the authentication challenge.

Step 4: Identity Verification: Customer needs to complete authentication via:

  • Biometric verification (fingerprint, face ID).

  • SMS one-time passcode (OTP).

  • Mobile banking app push notification.

Step 5: Authorisation Upon successful authentication, payment is processed with liability shift protection, and the transaction is completed.

Complete Evolution of 3D Secure from 3DS1 to 3DS 2.3.1

....

What Exactly Changed From 3DS1 vs 3DS2, the Latest Version

Feature 3DS1 3DS2
User Experience High friction, static passwords Frictionless for 85%+ transactions
Mobile Support Poor, desktop-focused Native mobile and in-app support
Data Exchange 15 data points 100+ data points for risk analysis
Authentication Methods Static passwords only Biometrics, OTP, push notifications
Integration Complex iframe redirects Modern SDK and API integration
Approval Rates 60-70% 85-95%
Average Auth Time 45-60 seconds Under 5 seconds
Abandonment Rate 15-25% 2-5%

Regulatory Compliance: PSD2 and Strong Customer Authentication

Understanding PSD2 Requirements

The Revised Payment Services Directive (PSD2), implemented across Europe in 2021, mandates Strong Customer Authentication (SCA) for online payments. SCA requires authentication using at least two of three factors:

  • Knowledge Factor (something you know): PIN, password, security question.

  • Possession Factor (something you have): Mobile device, hardware token, card.

  • Inherent Factor (something you are): Fingerprint, facial recognition, voice.

3DS2 and SCA Compliance

3DS2 is the industry-standard method for meeting SCA requirements because it:

  • Supports all three authentication factors.

  • Enables dynamic linking between transactions and authentication.

  • Provides transaction risk analysis (TRA) exemptions.

  • Maintains detailed audit trails for regulatory reporting.

SCA Exemptions Under 3DS2

Not all online transactions require Strong Customer Authentication (SCA). Under PSD2, 3DS2 allows certain exemptions that help reduce friction while staying compliant. Here are the key exemptions:

  • Low-Value Transactions
    Payments under €30 may be exempt from authentication. However, if a cardholder exceeds five consecutive exempt payments or a total of €100 in exempted spend, authentication will be required again.

  • Trusted Beneficiaries
    Customers can whitelist trusted merchants via their bank. Future payments to these merchants may skip authentication, provided the bank honours the whitelist.

  • Corporate Transactions
    Payments made with dedicated corporate cards (not personal cards) can qualify for exemption if issued under a secure, limited-use corporate setup.

  • Transaction Risk Analysis (TRA)
    If a payment service provider maintains a low fraud rate, low-risk transactions can be exempt from SCA. The threshold varies by transaction amount:

    • ≤ €100: fraud rate must be below 0.13%.

    • ≤ €250: below 0.06%.

    • ≤ €500: below 0.01%.

Banks may still choose to challenge the transaction.

Want to know more about exemptions?

Check out our dedicated guide, 3DS2 Exemptions Explained for detailed use cases, regulatory thresholds, and implementation tips.

Complete 3D Secure Authentication Implementation Guide for Merchants

  • Choose the Right Payment Gateway
    Select a gateway like Celeris that supports the most up-to-date #DS version and offers advanced risk tools, multiple authentication options, and full compliance support. This ensures smoother integration, better fraud control, and regulatory readiness.

  • Optimise for Frictionless Flows
    To maximise approval rates:

    • Use device fingerprinting and behavioural analytics.

    • Keep fraud rates low to build issuer trust.

    • Leverage SCA exemptions where possible.

    These strategies help qualify for more frictionless authentications and reduce user drop-off.

  • Build a Seamless User Experience
    Create a fast, mobile-friendly authentication flow:

    • Clear progress indicators.

    • Multiple verification methods (e.g. biometrics, OTP).

    • Smart fallback routes for failed attempts.

    • Clear error messages to reduce cart abandonment.

  • Track Key Performance Metrics
    Monitor and improve your 3DS performance with:

    • 95% authentication success rate.

    • 85% frictionless flow rate.

    • <5% false declines.

    • <3% cart abandonment during auth.

    • <0.1% fraud post-authentication.

  • Prioritise Smooth Technical Integration
    Ensure:

    • Mobile SDKs are properly integrated.

    • Comprehensive error handling and recovery processes.

    • Regular testing across different card issuers and devices.

    • Compliance with data privacy regulations.

Ready to implement 3D Secure authentication into your payment flow?

At Celeris, we offer flexible 3DS for high-performing authentication that balances compliance and user experience, ensuring your payment flow stays smooth and secure.

Conclusion: Why 3DS2 is Essential for Modern E-commerce

After working with merchants across industries, from high-volume retailers to niche B2B platforms, we can confidently say that 3DS2 implementation is no longer optional. It’s an essential solution that provides:

  • Enhanced Security: Dramatically reduces payment fraud and chargebacks.

  • Regulatory Compliance: Meets PSD2 SCA standards and upcoming regulations.

  • Improved User Experience: Increases approval rates and decreases cart abandonment.

  • Competitive Advantage: Stronger fraud protection for expanding into new markets.

  • Cost Reduction: Cuts fraud losses and minimises manual review needs.

Sources and Data:

Chinmay Jain

Chinmay Jain

Chief Technical Officer

Chinmay Jain is the CTO at CelerisPay with 10+ years of experience in fintech, fraud detection, and IT infrastructure. He leads technology and platform innovation, and he is a gold medalist from NIT Uttarakhand and a state award winner.

Frequently Asked Questions

What is 3D Secure (3DS) authentication?

3D Secure is a security protocol designed to add an extra verification step during online card transactions. It helps confirm the cardholder’s identity through their bank, reducing fraud and chargebacks while improving regulatory compliance.

How does 3D Secure work during an online purchase?

What are the key differences between 3DS1 and 3DS2?

Is 3D Secure mandatory for all online payments?

How does 3DS2 help merchants comply with PSD2 and Strong Customer Authentication (SCA)?

What benefits does 3D Secure offer merchants?

Let's Connect

Just a few quick details. Our team will reach out to explore how our platform fits your payment stack and objectives.

    Talk with one of our payment experts

    Ready to elevate your business to new heights? Schedule a call with our experts to discuss your unique needs and uncover tailored solutions. Don’t let questions linger – seize the opportunity to pave your path to success!

    Winner !

    Best use of data analytics, MPE 2025

    Best Payments Orchestration Solution, MPE 2024

    data_analytics

    Related Resource

    Share This Post

    Build your business with Celeris