
Online payment fraud isn’t slowing down. As digital commerce scales, so do the risks: a Juniper Research market forecast report on online payment fraud predicts that merchants’ losses will exceed $360 billion by 2028.

Yet, many businesses, especially e-merchants, still rely on outdated verification methods or none at all. This exposes them to security threats, data breaches, poor user experiences, and regulatory non-compliance, which can lead to fraud, chargebacks, false declines, and lost revenue.

That’s where 3D Secure (3DS) authentication comes into play. Developed and introduced by Visa and licensed to Mastercard, it adds an extra layer of security to all card transactions by enabling two-step verification through OTP, fingerprints, and facial recognition.

In this guide, we’ll explore everything one needs to know about 3D Secure Authentication, including what it is, how it works, and how the evolution from 3DS1 to 3DS2 has significantly impacted merchants dealing with fraud and compliance.

TL;DR: Everything You Need to Know About 3D Secure

What is 3D Secure? 3D Secure is a payment authentication protocol that adds an extra layer of security to online card transactions by verifying the cardholder’s identity through their bank.

Key Benefits:

  • It shifts fraud liability from merchants to card issuers for authenticated transactions.

  • Meets PSD2 Strong Customer Authentication (SCA) requirements in Europe.

  • It improves approval rates with 3DS2’s frictionless authentication (up to 85% of transactions).

  • It reduces online payment fraud by up to 70% (based on industry data from major payment processors).

Latest Version: 3DS 2.3.1 was released in October 2022, offering enhanced mobile support, improved risk analysis, and a better user experience compared to the legacy 3DS 1.

What Merchants Need to Know: 3DS2 implementation will be essential for merchants processing online payments in 2025, whether you operate an e-commerce store or subscription services. It provides improved security and regulatory compliance without lowering conversion rates.

What is 3D Secure?

3D Secure (3DS) is a payment authentication protocol created by the major card network Visa and also adopted by Mastercard. Its primary purpose is to help reduce online payment fraud. When enabled, it adds an extra layer of security (two-step verification) to card transactions, verifying the cardholder’s identity using methods such as one-time passwords (OTP), fingerprint, or facial recognition.

The “3D” in 3D Secure refers to the three domains involved in the authentication process:

  • Acquirer Domain: The merchant’s bank or payment processor.

  • Issuer Domain: The bank that issued the customer’s card.

  • 3DS Infrastructure Domain: The card network (e.g., Visa, Mastercard).

How Does 3D Secure Work?

When a customer proceeds to checkout and makes a payment online, here’s what happens behind the scenes:

Step 1: Transaction Initiation: Customer enters card details and clicks “Pay”.

Step 2: Risk Assessment: The issuing bank analyses transaction data using machine learning algorithms to determine fraud risk.

Step 3: Authentication Decision:

  • Low Risk: Transaction proceeds without customer intervention (frictionless flow).

  • High Risk: Customer is redirected to the authentication challenge.

Step 4: Identity Verification: Customer needs to complete authentication via:

  • Biometric verification (fingerprint, face ID).

  • SMS one-time passcode (OTP).

  • Mobile banking app push notification.

Step 5: Authorisation: Upon successful authentication, payment is processed with liability shift protection, and the transaction is completed.

Complete Evolution of 3D Secure from 3DS1 to 3DS 2.3.1


What Exactly Changed From 3DS1 to 3DS2, the Latest Version

| Feature | 3DS1 | 3DS2 |
| --- | --- | --- |
| User Experience | High friction, static passwords | Frictionless for 85%+ transactions |
| Mobile Support | Poor, desktop-focused | Native mobile and in-app support |
| Data Exchange | 15 data points | 100+ data points for risk analysis |
| Authentication Methods | Static passwords only | Biometrics, OTP, push notifications |
| Integration | Complex iframe redirects | Modern SDK and API integration |
| Approval Rates | 60-70% | 85-95% |
| Average Auth Time | 45-60 seconds | Under 5 seconds |
| Abandonment Rate | 15-25% | 2-5% |

Regulatory Compliance: PSD2 and Strong Customer Authentication

Understanding PSD2 Requirements

The Revised Payment Services Directive (PSD2), implemented across Europe in 2021, mandates Strong Customer Authentication (SCA) for online payments. SCA requires authentication using at least two of three factors:

  • Knowledge Factor (something you know): PIN, password, security question.

  • Possession Factor (something you have): Mobile device, hardware token, card.

  • Inherent Factor (something you are): Fingerprint, facial recognition, voice.

3DS2 and SCA Compliance

3DS2 is the industry-standard method for meeting SCA requirements because it:

  • Supports all three authentication factors.

  • Enables dynamic linking between transactions and authentication.

  • Provides transaction risk analysis (TRA) exemptions.

  • Maintains detailed audit trails for regulatory reporting.

SCA Exemptions Under 3DS2

Not all online transactions require Strong Customer Authentication (SCA). Under PSD2, 3DS2 allows certain exemptions that help reduce friction while staying compliant. Here are the key exemptions:

  • Low-Value Transactions
    Payments under €30 may be exempt from authentication. However, if a cardholder exceeds five consecutive exempt payments or a total of €100 in exempted spend, authentication will be required again.

  • Trusted Beneficiaries
    Customers can whitelist trusted merchants via their bank. Future payments to these merchants may skip authentication, provided the bank honours the whitelist.

  • Corporate Transactions
    Payments made with dedicated corporate cards (not personal cards) can qualify for exemption if issued under a secure, limited-use corporate setup.

  • Transaction Risk Analysis (TRA)
    If a payment service provider maintains a low fraud rate, low-risk transactions can be exempt from SCA. The threshold varies by transaction amount:

    • ≤ €100: fraud rate must be below 0.13%.

    • ≤ €250: below 0.06%.

    • ≤ €500: below 0.01%.

Banks may still choose to challenge the transaction.
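
The exemption rules above, written as an eligibility check (an added example, not Celeris code or part of the original guide). The Payment fields and exemption labels are assumptions for illustration; in practice the low-value counters are tracked by the issuer, and a positive result is only a request that the issuer can still answer with a challenge.

```python
from dataclasses import dataclass
from decimal import Decimal

# TRA bands from the text: (max amount in EUR, PSP fraud rate must be below this %)
TRA_BANDS = [
    (Decimal("100"), Decimal("0.13")),
    (Decimal("250"), Decimal("0.06")),
    (Decimal("500"), Decimal("0.01")),
]
LOW_VALUE_LIMIT = Decimal("30")       # payments under EUR 30
LOW_VALUE_MAX_COUNT = 5               # consecutive exempt payments allowed
LOW_VALUE_MAX_TOTAL = Decimal("100")  # cumulative exempt spend allowed


@dataclass
class Payment:  # hypothetical record; field names are assumptions
    amount_eur: Decimal
    psp_fraud_rate_pct: Decimal                    # PSP fraud rate, in percent
    exempt_count_since_sca: int = 0                # exempt payments since last SCA
    exempt_total_since_sca: Decimal = Decimal("0")
    merchant_whitelisted: bool = False             # trusted beneficiary at the bank
    corporate_card: bool = False                   # dedicated corporate card


def eligible_exemptions(p: Payment) -> list[str]:
    """Return the exemptions a payment may request; an empty list means SCA."""
    found = []
    if p.amount_eur < LOW_VALUE_LIMIT:
        # Exceeding either counter forces authentication again.
        within_count = p.exempt_count_since_sca + 1 <= LOW_VALUE_MAX_COUNT
        within_total = p.exempt_total_since_sca + p.amount_eur <= LOW_VALUE_MAX_TOTAL
        if within_count and within_total:
            found.append("low_value")
    if p.merchant_whitelisted:
        found.append("trusted_beneficiary")
    if p.corporate_card:
        found.append("corporate")
    for max_amount, max_rate in TRA_BANDS:
        if p.amount_eur <= max_amount:
            # Only the smallest band covering the amount applies.
            if p.psp_fraud_rate_pct < max_rate:
                found.append("tra")
            break
    return found


def requires_sca(p: Payment) -> bool:
    """True when no exemption applies and the payment must be authenticated."""
    return not eligible_exemptions(p)
```
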

Want to know more about exemptions?

Check out our dedicated guide, 3DS2 Exemptions Explained for detailed use cases, regulatory thresholds, and implementation tips.

Complete 3D Secure Authentication Implementation Guide for Merchants

  • Choose the Right Payment Gateway
    Select a gateway like Celeris that supports the most up-to-date 3DS version and offers advanced risk tools, multiple authentication options, and full compliance support. This ensures smoother integration, better fraud control, and regulatory readiness.

  • Optimise for Frictionless Flows
    To maximise approval rates:

    • Use device fingerprinting and behavioural analytics.

    • Keep fraud rates low to build issuer trust.

    • Leverage SCA exemptions where possible.

    These strategies help qualify for more frictionless authentications and reduce user drop-off.

  • Build a Seamless User Experience
    Create a fast, mobile-friendly authentication flow:

    • Clear progress indicators.

    • Multiple verification methods (e.g. biometrics, OTP).

    • Smart fallback routes for failed attempts.

    • Clear error messages to reduce cart abandonment.

  • Track Key Performance Metrics
    Monitor and improve your 3DS performance with:

    • 95% authentication success rate.

    • 85% frictionless flow rate.

    • <5% false declines.

    • <3% cart abandonment during auth.

    • <0.1% fraud post-authentication.

  • Prioritise Smooth Technical Integration
    Ensure:

    • Mobile SDKs are properly integrated.

    • Comprehensive error handling and recovery processes.

    • Regular testing across different card issuers and devices.

    • Compliance with data privacy regulations.

Ready to implement 3D Secure authentication into your payment flow?

At Celeris, we offer flexible 3DS for high-performing authentication that balances compliance and user experience, ensuring your payment flow stays smooth and secure.

Conclusion: Why 3DS2 is Essential for Modern E-commerce

After working with merchants across industries, from high-volume retailers to niche B2B platforms, we can confidently say that 3DS2 implementation is no longer optional. It’s an essential solution that provides:

  • Enhanced Security: Dramatically reduces payment fraud and chargebacks.

  • Regulatory Compliance: Meets PSD2 SCA standards and upcoming regulations.

  • Improved User Experience: Increases approval rates and decreases cart abandonment.

  • Competitive Advantage: Stronger fraud protection for expanding into new markets.

  • Cost Reduction: Cuts fraud losses and minimises manual review needs.

Frequently Asked Questions

What is 3D Secure (3DS) authentication?

3D Secure is a security protocol designed to add an extra verification step during online card transactions. It helps confirm the cardholder’s identity through their bank, reducing fraud and chargebacks while improving regulatory compliance.

How does 3D Secure work during an online purchase?

What are the key differences between 3DS1 and 3DS2?

Is 3D Secure mandatory for all online payments?

How does 3DS2 help merchants comply with PSD2 and Strong Customer Authentication (SCA)?

What benefits does 3D Secure offer merchants?
