3D Secure Payment Authentication

Fight fraud and stay compliant. Our flexible 3D Secure authentication works across all your acquirers and as part of the Checkout.com platform.

Intelligently increases revenue

Comprehensive authentication optimizations including smart retry logic, protocol versions and data enrichment. All powered by rich, automated machine learning.

Smarter customer experiences

Reduce drop-off with advanced Strong Customer Authentication exemptions. Flag customer experience preferences without impacting liability.

Plug & play or fully custom

Hosted options manage your authentication flow including data collection and compliance. Non-hosted options let you tailor the experience to your needs.

A one-stop authentication shop

Authenticate on Checkout.com transactions only, or consolidate all your authentication traffic into one place with our acquirer-agnostic standalone solution.

Trusted by leading global brands

Proven PSD2 performance

A multifaceted approach to authentication

No two transactions are the same. Utilize rule setting and our rich machine learning to tackle transaction complexity head-on with smart optimizations that give you the best chance of acceptance.

Optimize for all versions of 3D Secure

Enhance exemption paths across authentication and authorization

Get frictionless authentication flows while still benefiting from liability shifts

Identify and act upon changing regulator and scheme preferences

Utilize millions of data points to boost acceptance rate

Architected authentication

Keep your customers in the flow

Keep customers happy, by striking the balance between reducing friction and benefiting from liability shift. We’ve got you covered across a broad set of exemptions – from data-sharing-only flows to flagging your customer experience preference to issuers.

Rich SCA exemption support removes the need to authenticate

Data-sharing-only flow support guarantees a frictionless experience

Flag your customer experience preference to issuers without impacting liability shifts

Make use of optional data fields to increase frictionless experience outcomes

Options for every business

Find the right integration

Go standalone to centralize all authentication in one place, or use as part of our advanced payment platform. We offer a range of options for all sales channels and business types.  

See documentation


Streamline your global authentication strategy with our acquirer-agnostic solution.

  • One centralized view
  • Consolidated global reporting
  • Customizable non-hosted options
  • Out-of-the-box hosted options
  • API, Android, and iOS SDKs available

As part of the Checkout platform

Start authenticating fast on all your transactions processed by Checkout.com. Just switch on one API field and you're up and running.

  • Granular data across the payment lifecycle
  • Intuitive reporting
  • Out-of-the box hosted options
  • API, Hosted Payments Page (HPP), Payment Link-ready

Feature-rich 3D Secure offering

Deploy the latest 3D Secure version 2.2 to deliver optimal customer experiences that drive high performance. Future versions – such as 3D Secure 2.3 and beyond – are seamlessly implemented, while previous protocols are supported to give you comprehensive coverage.

Unify user experience across apps

Seamlessly build native mobile experiences across devices and operating systems (Android and iOS) with our Mobile SDK to avoid redirecting your consumers outside of your app.

Authentication for your business model

Different business models demand unique authentication solutions. We support many payment flows for authentication, including regular, recurring, installments, card add, and updates.

Supporting marketplaces and payfacs

Authenticate at a business and sub-entity level at scale. Ensure consumer clarity at the invoice level with dynamic billing descriptors.

Authenticate using your preferred credentials

Our flexible solution supports PAN, Tokens, and Network Tokens, whether you’re using external solutions or the Checkout.com tokenization and network token capability.

Always-on, global authentication

Reliably authenticate 24/7, whatever your transaction volume. Our proprietary technology is built in-house so we can deliver the highest levels of availability and redundancy across the globe.

Build with confidence

Test and validate with ease, making use of extensive testing scenarios with our simulator capability to ensure a smooth launch.

Navigating evolving SCA requirements

Europe’s Strong Customer Authentication (SCA) requirements are now in force with enhancements like 3D Secure 1 decommissioning underway. Here’s what you need to know:

What is SCA?

A quick snapshot of SCA

SCA is a European standard designed to fight online fraud. For certain transactions using European cards and acquiring, two of the following may need to be present:

  • Something the customer knows (eg., one-time-password)
  • Something the customer has (eg., phone or email)
  • Something the customer is (eg., fingerprint or face recognition)
Exemptions & more

When can SCA be skipped?

Not all transactions need authentication. Some are exempt or do not meet the SCA regulation criteria. As SCA matures, it’s important your payment provider is up to date with changes and issuers’ preferences.

Exempted transactions

Checkout.com offers all exemptions that enable you to skip SCA, such as real-time transaction risk analysis (TRA), low value, trusted beneficiaries, secure corporate payment and more.

Payment below EUR 30

If the count of transactions is fewer than four and they are under 100 EUR combined, authentication is not required. On the fifth transaction, or if one or all of the four transactions is over 100 EUR, authentication is required.

Fixed-amount transactions

Ideal for subscription businesses, if the recurring amount is the same every time then only the first transaction needs to be authenticated. Be sure to advise issuers that this is recurring in the transaction message.

Merchant-initiated transactions (MIT)

Ideal for regular transactions of different amounts. Provided there is agreement from the card holder for future changes of different amounts, authentication is only required on the first transaction.

Trusted beneficiaries

Leverage the trust of your customers by asking them to “allow” you to skip authentication for their transactions. Share your trustlists with issuers to complete the process.

Mail or telephone orders (MOTO) and corporate cards

Non-digital transactions and lodged payments (e.g., a card used by agents for expenses like travel) are considered out-of-scope for SCA regulation.

One-leg-in transactions

If either the card used to purchase or the acquiring route is not in an SCA-mandated region, then the transaction is considered out-of-scope for SCA regulation.

Frequently Asked Questions

What does the authentication landscape look like?

With the growth of digital payments fraud has become ever more sophisticated, and authentication has had to adapt to keep up. In order to improve security for both consumers and merchants, the European Payment Service Directive (PSD) has updated its regulatory standards to PSD2.

Part of this is 3D Secure 2.0, an enhanced security protocol that irons out some of the pain points of its predecessor and uses a wider range of data and biometric authentication to facilitate smoother, more secure payments.

3DS2 does this through stricter transaction security measures, including Strong Customer Authentication (SCA), Risk Based Authentication (RBA) and Transaction Risk Analysis (TRA). These improve both safety and the customer experience, helping to cut cart abandonment and increase conversions.

PSD2 SCA is not yet universally mandated, but merchants doing business in the European Economic Area are required to offer 2 factor authentication as part of the payment flow in order to meet the regulatory requirements. SCA currently only applies to transactions where both your business’s bank and your customer’s bank are in the EEA or UK.

You can find out more about authentication requirements in our SCA compliance guide.

How does 3D Secure work?

When a customer attempts a payment, 3DS2 allows you and your payment provider to assess their risk level by sending more than 100 data points to the cardholder's bank in order to verify their identity.

If, based on the data provided, the bank trusts that the customer is the cardholder, the payment can be authenticated immediately. This is known as frictionless flow.

If, however, the bank requires more proof, they will ask for more information before identifying the payment. This is known as challenge flow.

3DS2 allows you to embed this process in your checkout flow, meaning it all takes place behind the scenes, which improves the customer experience.

What is a liability shift?

Liability shift occurs when the responsibility for fraud-related chargebacks shifts from the merchant to the card issuer, insulating the former from any associated cost or risk. For example, when a customer claims that they didn’t make a purchase. This shift generally happens when a payment is successfully authenticated with 3DS.

Some transactions are exempt or out of scope from having to be authenticated by SCA. Exempt transactions include those under €30 in value or deemed to be low risk, or recurring payments and subscriptions. Out of scope transactions include:

- merchant-initiated transactions (MITs)

- Mail order telephone order (MOTO) transactions

- If the merchant or issuer is outside the EEA

- Transactions made with anonymous prepaid cards

If you use an authorization account verification to validate the card numbers and expiry dates.

In-scope transactions are one-time cardholder-initiated transactions (CITs) and adding a credential-on-file (COF) or provisioning of a token.

If you use Checkout.com’s Fraud Detection solution alongside our Authentication solution, you can choose from five routing options depending on the assessed risk level of a transaction.

These options include:

- Decline - if too high risk

- 3DS challenge - Requests a challenge via 3DS (liability shift)

- 3DS frictionless - Requests 3DS without a challenge (liability shift)

- Accept - Requests an exemption from 3DS (no liability shift)

Does Checkout.com offer a standalone authentication?

Yes, Checkout.com’s authentication solution is available either as a standalone product or as part of the Checkout.com platform.

With our standalone product, authentication and authorization are handled separately, and you can manage your own authentication needs across multiple acquirers. You have the option of either a hosted or non-hosted presentation. If you choose the latter, you have full control of the authentication experience, including device fingerprinting, payment flow, and customization of the front-end.

Checkout.com’s standalone authentication product also enables browser-based authentication on web and mobile, as well as native mobile authentication (iOS, Android) via our mobile software development kit.

Get ready for generation Authentication

Contact us