Accept payments

Online payments

Accept and manage online payments

In-person payments

Take payments with terminals and devices

Checkout

Offer a checkout optimised for conversion

Recurring payments

Collect recurring and subscription payments

Acceptance & Risk

Prevent fraud and optimise conversion

Collect revenue

Payment links

Create, send and customise payment links

Invoicing

Crea

NEW

Grow your business

Capital

Get fast funding with flexible repayments

Embedded payments

Connect

Embed payments on your platform

Partners

For Agencies

Learn about our Agency Partner Program

For SaaS and Ecommerce

Explore our SaaS and Ecommerce Partner Program

Technical resources

Developers portal

Discover developer resources and updates

Libraries

Integrate Mollie with ready-to-go libraries

Discord community

Join our developer community

Mollie API

Docs

Explore our API documentation and guides

Status

Check our current system status

Changelog

Read up on recent technical changes

About Mollie

Pricing

View our pricing

About us

Learn more about our story and values

News

Read the latest Mollie news

Careers

Come work for us - we're hiring!

Mollie content

Articles & guides

Discover content that can help your business

Success stories

See how we support our customers

Papers

Download our papers

Contact

For shoppers

Find out why Mollie is on your bank statement

For Mollie customers

Reach out to our customer support team

Contact sales

Discover how we can help your business

Growth

>

3D Secure authentication and 3D Secure 2 explained

3D Secure authentication and 3D Secure 2 explained

3D Secure authentication and 3D Secure 2 explained

3D Secure authentication and 3D Secure 2 explained

Learn more about 3D Secure and 3D Secure 2 authentication. Discover how they work, how to use them, and what they can offer your business.

Learn more about 3D Secure and 3D Secure 2 authentication. Discover how they work, how to use them, and what they can offer your business.

Trust-and-security

5 Jan 2023

Fort Knox‚ the US army station which protects one of the biggest gold reserves in the world‚ has a dizzying array of security measures: tanks‚ attack helicopters‚ mines‚ laser-triggered machine guns‚ and more.

Only one person has tried to break into the vault‚ and he wasn't real. That was Auric Goldfinger‚ the eponymous villain in the James Bond film.

Unfortunately‚ online payments aren't protected in quite the same way as Fort Knox. But‚ as ecommerce adoption increases and the financial industry evolves‚ new methods of protecting consumers and their money are being introduced. And these security measures include 3D Secure and 3D Secure 2.

This article will explain what they are‚ their benefits‚ and how you can use them to save money and reduce fraud.

Fort Knox‚ the US army station which protects one of the biggest gold reserves in the world‚ has a dizzying array of security measures: tanks‚ attack helicopters‚ mines‚ laser-triggered machine guns‚ and more.

Only one person has tried to break into the vault‚ and he wasn't real. That was Auric Goldfinger‚ the eponymous villain in the James Bond film.

Unfortunately‚ online payments aren't protected in quite the same way as Fort Knox. But‚ as ecommerce adoption increases and the financial industry evolves‚ new methods of protecting consumers and their money are being introduced. And these security measures include 3D Secure and 3D Secure 2.

This article will explain what they are‚ their benefits‚ and how you can use them to save money and reduce fraud.

Fort Knox‚ the US army station which protects one of the biggest gold reserves in the world‚ has a dizzying array of security measures: tanks‚ attack helicopters‚ mines‚ laser-triggered machine guns‚ and more.

Only one person has tried to break into the vault‚ and he wasn't real. That was Auric Goldfinger‚ the eponymous villain in the James Bond film.

Unfortunately‚ online payments aren't protected in quite the same way as Fort Knox. But‚ as ecommerce adoption increases and the financial industry evolves‚ new methods of protecting consumers and their money are being introduced. And these security measures include 3D Secure and 3D Secure 2.

This article will explain what they are‚ their benefits‚ and how you can use them to save money and reduce fraud.

Fort Knox‚ the US army station which protects one of the biggest gold reserves in the world‚ has a dizzying array of security measures: tanks‚ attack helicopters‚ mines‚ laser-triggered machine guns‚ and more.

Only one person has tried to break into the vault‚ and he wasn't real. That was Auric Goldfinger‚ the eponymous villain in the James Bond film.

Unfortunately‚ online payments aren't protected in quite the same way as Fort Knox. But‚ as ecommerce adoption increases and the financial industry evolves‚ new methods of protecting consumers and their money are being introduced. And these security measures include 3D Secure and 3D Secure 2.

This article will explain what they are‚ their benefits‚ and how you can use them to save money and reduce fraud.

What is 3D Secure authentication?

Despite the rise in alternative payment methods, cards are still the preferred payment option for many European consumers. And though security measures are in place to protect card users – including the card verification code (CVC) system – data shows that card payments have the highest fraud risk.

To better protect users, in 2001 card schemes introduced the 3D Secure protocol to reduce fraud and increase security for online payments.

3D Secure 1.0 worked by redirecting a shopper to a site managed by the issuing bank – the bank that issued the card to the customer – to answer additional security questions. This could be a unique password or a one-time password sent via SMS.

Although this process did improve security, it also created problems for businesses and shoppers. These problems include these things:

  • Checkout friction: Adding a verification step created more friction in the checkout process.

  • Static passwords: Some issuing banks also relied on users remembering a static password, which they could easily forget.

  • Mobile/app experience: Sometimes, 3DS redirected shoppers using a mobile device or app to a bank's website, which wasn't optimised for the device.

These things could cause shoppers to abandon their cart, costing businesses a sale.

Despite the rise in alternative payment methods, cards are still the preferred payment option for many European consumers. And though security measures are in place to protect card users – including the card verification code (CVC) system – data shows that card payments have the highest fraud risk.

To better protect users, in 2001 card schemes introduced the 3D Secure protocol to reduce fraud and increase security for online payments.

3D Secure 1.0 worked by redirecting a shopper to a site managed by the issuing bank – the bank that issued the card to the customer – to answer additional security questions. This could be a unique password or a one-time password sent via SMS.

Although this process did improve security, it also created problems for businesses and shoppers. These problems include these things:

  • Checkout friction: Adding a verification step created more friction in the checkout process.

  • Static passwords: Some issuing banks also relied on users remembering a static password, which they could easily forget.

  • Mobile/app experience: Sometimes, 3DS redirected shoppers using a mobile device or app to a bank's website, which wasn't optimised for the device.

These things could cause shoppers to abandon their cart, costing businesses a sale.

Despite the rise in alternative payment methods, cards are still the preferred payment option for many European consumers. And though security measures are in place to protect card users – including the card verification code (CVC) system – data shows that card payments have the highest fraud risk.

To better protect users, in 2001 card schemes introduced the 3D Secure protocol to reduce fraud and increase security for online payments.

3D Secure 1.0 worked by redirecting a shopper to a site managed by the issuing bank – the bank that issued the card to the customer – to answer additional security questions. This could be a unique password or a one-time password sent via SMS.

Although this process did improve security, it also created problems for businesses and shoppers. These problems include these things:

  • Checkout friction: Adding a verification step created more friction in the checkout process.

  • Static passwords: Some issuing banks also relied on users remembering a static password, which they could easily forget.

  • Mobile/app experience: Sometimes, 3DS redirected shoppers using a mobile device or app to a bank's website, which wasn't optimised for the device.

These things could cause shoppers to abandon their cart, costing businesses a sale.

Despite the rise in alternative payment methods, cards are still the preferred payment option for many European consumers. And though security measures are in place to protect card users – including the card verification code (CVC) system – data shows that card payments have the highest fraud risk.

To better protect users, in 2001 card schemes introduced the 3D Secure protocol to reduce fraud and increase security for online payments.

3D Secure 1.0 worked by redirecting a shopper to a site managed by the issuing bank – the bank that issued the card to the customer – to answer additional security questions. This could be a unique password or a one-time password sent via SMS.

Although this process did improve security, it also created problems for businesses and shoppers. These problems include these things:

  • Checkout friction: Adding a verification step created more friction in the checkout process.

  • Static passwords: Some issuing banks also relied on users remembering a static password, which they could easily forget.

  • Mobile/app experience: Sometimes, 3DS redirected shoppers using a mobile device or app to a bank's website, which wasn't optimised for the device.

These things could cause shoppers to abandon their cart, costing businesses a sale.

The introduction of 3D Secure 2 (3DS2)

To help solve some of the drawbacks of the original 3DS, EMVCo – an organisation owned by six of the world's major card issuers – released 3D Secure 2 in 2018.

3DS2 (also known as 3DS 2.0 and 3D Secure 2.0) allows businesses and payment providers to share more transaction data with the issuing bank. This creates a frictionless flow and improves the user experience.

As of October 2022, many of the world's major card schemes – including Visa and Mastercard – have stopped supporting 3DS payments in Europe. Instead, 3DS2 authentication is now used for most card transactions.

3DS2 payments are the primary method businesses use to comply with the revised payment service directive (PSD2) regulation and Strong Customer Authentication (SCA) requirements in Europe.

To help solve some of the drawbacks of the original 3DS, EMVCo – an organisation owned by six of the world's major card issuers – released 3D Secure 2 in 2018.

3DS2 (also known as 3DS 2.0 and 3D Secure 2.0) allows businesses and payment providers to share more transaction data with the issuing bank. This creates a frictionless flow and improves the user experience.

As of October 2022, many of the world's major card schemes – including Visa and Mastercard – have stopped supporting 3DS payments in Europe. Instead, 3DS2 authentication is now used for most card transactions.

3DS2 payments are the primary method businesses use to comply with the revised payment service directive (PSD2) regulation and Strong Customer Authentication (SCA) requirements in Europe.

To help solve some of the drawbacks of the original 3DS, EMVCo – an organisation owned by six of the world's major card issuers – released 3D Secure 2 in 2018.

3DS2 (also known as 3DS 2.0 and 3D Secure 2.0) allows businesses and payment providers to share more transaction data with the issuing bank. This creates a frictionless flow and improves the user experience.

As of October 2022, many of the world's major card schemes – including Visa and Mastercard – have stopped supporting 3DS payments in Europe. Instead, 3DS2 authentication is now used for most card transactions.

3DS2 payments are the primary method businesses use to comply with the revised payment service directive (PSD2) regulation and Strong Customer Authentication (SCA) requirements in Europe.

To help solve some of the drawbacks of the original 3DS, EMVCo – an organisation owned by six of the world's major card issuers – released 3D Secure 2 in 2018.

3DS2 (also known as 3DS 2.0 and 3D Secure 2.0) allows businesses and payment providers to share more transaction data with the issuing bank. This creates a frictionless flow and improves the user experience.

As of October 2022, many of the world's major card schemes – including Visa and Mastercard – have stopped supporting 3DS payments in Europe. Instead, 3DS2 authentication is now used for most card transactions.

3DS2 payments are the primary method businesses use to comply with the revised payment service directive (PSD2) regulation and Strong Customer Authentication (SCA) requirements in Europe.

How does 3DS2 work?

With 3DS2 payments, the authentication process is embedded in the checkout flow. This creates a more frictionless experience compared to the original 3DS.

Whenever a customer makes a 3DS2 payment, businesses and payment providers can send more than 150 data points that help the issuing bank assess the payment risk level. This includes data on the customer's shipping address, device, and payment history. The process takes place in the background of the web or mobile checkout flow.

After the data is submitted, the issuing bank chooses to authenticate the payment or ask for more information. Here two things can happen, which are:

  • If the issuing bank authenticates the payment immediately, it is called the frictionless flow. 

  • If more information is required, it is known as the challenge flow.

Frictionless authentication flow

If the issuing bank has enough data about the customer making a payment, it will qualify for frictionless authentication. This is the most significant difference when comparing 3DS vs 3DS2, as it means an issuer can approve a transaction without the cardholder having to input more information.

Better customer experience

Unlike the original 3DS, the 3D Secure 2 protocol is responsive to many devices, including smartphones and tablets. This means it works seamlessly with mobile banking apps to create a frictionless experience.

Less friction during challenge flow 

In most cases, 3DS2 allows a cardholder to authenticate a challenge flow payment through their banking app using biometric authentication (such as a fingerprint or facial scan). This is sometimes known as ‘out-of-band authentication’.

3DS2 also helps to embed the challenge information request within the checkout flow itself. This means that cardholders are not redirected to another site to authenticate the payment, reducing friction and the possibility of cart abandonments.

Liability shift

Using 3DS and 3DS2 payments also helps you to reduce the risk of losing money through chargebacks.

Using 3DS2 means the liability for fraud-related chargebacks shifts from your business to your issuing bank. Though there are a few exceptions to this rule, in Europe almost all online payments using 3DS2 activate this liability shift. However, It doesn’t apply to non-fraud related chargeback reasons, such as goods not being delivered. 

With 3DS2 payments, the authentication process is embedded in the checkout flow. This creates a more frictionless experience compared to the original 3DS.

Whenever a customer makes a 3DS2 payment, businesses and payment providers can send more than 150 data points that help the issuing bank assess the payment risk level. This includes data on the customer's shipping address, device, and payment history. The process takes place in the background of the web or mobile checkout flow.

After the data is submitted, the issuing bank chooses to authenticate the payment or ask for more information. Here two things can happen, which are:

  • If the issuing bank authenticates the payment immediately, it is called the frictionless flow. 

  • If more information is required, it is known as the challenge flow.

Frictionless authentication flow

If the issuing bank has enough data about the customer making a payment, it will qualify for frictionless authentication. This is the most significant difference when comparing 3DS vs 3DS2, as it means an issuer can approve a transaction without the cardholder having to input more information.

Better customer experience

Unlike the original 3DS, the 3D Secure 2 protocol is responsive to many devices, including smartphones and tablets. This means it works seamlessly with mobile banking apps to create a frictionless experience.

Less friction during challenge flow 

In most cases, 3DS2 allows a cardholder to authenticate a challenge flow payment through their banking app using biometric authentication (such as a fingerprint or facial scan). This is sometimes known as ‘out-of-band authentication’.

3DS2 also helps to embed the challenge information request within the checkout flow itself. This means that cardholders are not redirected to another site to authenticate the payment, reducing friction and the possibility of cart abandonments.

Liability shift

Using 3DS and 3DS2 payments also helps you to reduce the risk of losing money through chargebacks.

Using 3DS2 means the liability for fraud-related chargebacks shifts from your business to your issuing bank. Though there are a few exceptions to this rule, in Europe almost all online payments using 3DS2 activate this liability shift. However, It doesn’t apply to non-fraud related chargeback reasons, such as goods not being delivered. 

With 3DS2 payments, the authentication process is embedded in the checkout flow. This creates a more frictionless experience compared to the original 3DS.

Whenever a customer makes a 3DS2 payment, businesses and payment providers can send more than 150 data points that help the issuing bank assess the payment risk level. This includes data on the customer's shipping address, device, and payment history. The process takes place in the background of the web or mobile checkout flow.

After the data is submitted, the issuing bank chooses to authenticate the payment or ask for more information. Here two things can happen, which are:

  • If the issuing bank authenticates the payment immediately, it is called the frictionless flow. 

  • If more information is required, it is known as the challenge flow.

Frictionless authentication flow

If the issuing bank has enough data about the customer making a payment, it will qualify for frictionless authentication. This is the most significant difference when comparing 3DS vs 3DS2, as it means an issuer can approve a transaction without the cardholder having to input more information.

Better customer experience

Unlike the original 3DS, the 3D Secure 2 protocol is responsive to many devices, including smartphones and tablets. This means it works seamlessly with mobile banking apps to create a frictionless experience.

Less friction during challenge flow 

In most cases, 3DS2 allows a cardholder to authenticate a challenge flow payment through their banking app using biometric authentication (such as a fingerprint or facial scan). This is sometimes known as ‘out-of-band authentication’.

3DS2 also helps to embed the challenge information request within the checkout flow itself. This means that cardholders are not redirected to another site to authenticate the payment, reducing friction and the possibility of cart abandonments.

Liability shift

Using 3DS and 3DS2 payments also helps you to reduce the risk of losing money through chargebacks.

Using 3DS2 means the liability for fraud-related chargebacks shifts from your business to your issuing bank. Though there are a few exceptions to this rule, in Europe almost all online payments using 3DS2 activate this liability shift. However, It doesn’t apply to non-fraud related chargeback reasons, such as goods not being delivered. 

With 3DS2 payments, the authentication process is embedded in the checkout flow. This creates a more frictionless experience compared to the original 3DS.

Whenever a customer makes a 3DS2 payment, businesses and payment providers can send more than 150 data points that help the issuing bank assess the payment risk level. This includes data on the customer's shipping address, device, and payment history. The process takes place in the background of the web or mobile checkout flow.

After the data is submitted, the issuing bank chooses to authenticate the payment or ask for more information. Here two things can happen, which are:

  • If the issuing bank authenticates the payment immediately, it is called the frictionless flow. 

  • If more information is required, it is known as the challenge flow.

Frictionless authentication flow

If the issuing bank has enough data about the customer making a payment, it will qualify for frictionless authentication. This is the most significant difference when comparing 3DS vs 3DS2, as it means an issuer can approve a transaction without the cardholder having to input more information.

Better customer experience

Unlike the original 3DS, the 3D Secure 2 protocol is responsive to many devices, including smartphones and tablets. This means it works seamlessly with mobile banking apps to create a frictionless experience.

Less friction during challenge flow 

In most cases, 3DS2 allows a cardholder to authenticate a challenge flow payment through their banking app using biometric authentication (such as a fingerprint or facial scan). This is sometimes known as ‘out-of-band authentication’.

3DS2 also helps to embed the challenge information request within the checkout flow itself. This means that cardholders are not redirected to another site to authenticate the payment, reducing friction and the possibility of cart abandonments.

Liability shift

Using 3DS and 3DS2 payments also helps you to reduce the risk of losing money through chargebacks.

Using 3DS2 means the liability for fraud-related chargebacks shifts from your business to your issuing bank. Though there are a few exceptions to this rule, in Europe almost all online payments using 3DS2 activate this liability shift. However, It doesn’t apply to non-fraud related chargeback reasons, such as goods not being delivered. 

3DS2, PSD2, and SCA

The revised Payment Services Directive is the primary regulation governing electronic payment services in Europe. And one of the primary ways it provides better security for consumers and businesses is through Strong Customer Authentication (SCA).

3D Secure 2 is the most popular method of authenticating online card payments and adhering to SCA guidelines while reducing friction to help boost conversions.

Some payment providers can help you access SCA exemptions for low-risk payments. That means exempted transactions automatically go through the frictionless flow. In this case, the liability shift does not occur, meaning that your business will be liable for any chargebacks for exempt payments.

The revised Payment Services Directive is the primary regulation governing electronic payment services in Europe. And one of the primary ways it provides better security for consumers and businesses is through Strong Customer Authentication (SCA).

3D Secure 2 is the most popular method of authenticating online card payments and adhering to SCA guidelines while reducing friction to help boost conversions.

Some payment providers can help you access SCA exemptions for low-risk payments. That means exempted transactions automatically go through the frictionless flow. In this case, the liability shift does not occur, meaning that your business will be liable for any chargebacks for exempt payments.

The revised Payment Services Directive is the primary regulation governing electronic payment services in Europe. And one of the primary ways it provides better security for consumers and businesses is through Strong Customer Authentication (SCA).

3D Secure 2 is the most popular method of authenticating online card payments and adhering to SCA guidelines while reducing friction to help boost conversions.

Some payment providers can help you access SCA exemptions for low-risk payments. That means exempted transactions automatically go through the frictionless flow. In this case, the liability shift does not occur, meaning that your business will be liable for any chargebacks for exempt payments.

The revised Payment Services Directive is the primary regulation governing electronic payment services in Europe. And one of the primary ways it provides better security for consumers and businesses is through Strong Customer Authentication (SCA).

3D Secure 2 is the most popular method of authenticating online card payments and adhering to SCA guidelines while reducing friction to help boost conversions.

Some payment providers can help you access SCA exemptions for low-risk payments. That means exempted transactions automatically go through the frictionless flow. In this case, the liability shift does not occur, meaning that your business will be liable for any chargebacks for exempt payments.

How to activate 3D Secure 2

Most businesses work with a payment provider that can help them seamlessly apply 3DS2 for all high-risk payments to help protect your business from fraud.

Here at Mollie, we help you apply 3DS2 to all relevant transactions. Our dynamic 3D Secure tooling means that payments will still complete even if there are issues with the 3DS authentication, such as when an issuing bank does not support it.

Mollie dashboard

We aim to be a trusted partner for your business that offers all the tools you need to power growth. That includes a payment solution that helps you accept multiple payment methods and offer customers a frictionless payment process to boost conversions. 

Our product also has advanced security features to protect you and your customers. These features include: 

  • Dynamic 3D secure payments

  • PCI-DSS level 1 certified

  • Fraud monitoring

Most businesses work with a payment provider that can help them seamlessly apply 3DS2 for all high-risk payments to help protect your business from fraud.

Here at Mollie, we help you apply 3DS2 to all relevant transactions. Our dynamic 3D Secure tooling means that payments will still complete even if there are issues with the 3DS authentication, such as when an issuing bank does not support it.

Mollie dashboard

We aim to be a trusted partner for your business that offers all the tools you need to power growth. That includes a payment solution that helps you accept multiple payment methods and offer customers a frictionless payment process to boost conversions. 

Our product also has advanced security features to protect you and your customers. These features include: 

  • Dynamic 3D secure payments

  • PCI-DSS level 1 certified

  • Fraud monitoring

Most businesses work with a payment provider that can help them seamlessly apply 3DS2 for all high-risk payments to help protect your business from fraud.

Here at Mollie, we help you apply 3DS2 to all relevant transactions. Our dynamic 3D Secure tooling means that payments will still complete even if there are issues with the 3DS authentication, such as when an issuing bank does not support it.

Mollie dashboard

We aim to be a trusted partner for your business that offers all the tools you need to power growth. That includes a payment solution that helps you accept multiple payment methods and offer customers a frictionless payment process to boost conversions. 

Our product also has advanced security features to protect you and your customers. These features include: 

  • Dynamic 3D secure payments

  • PCI-DSS level 1 certified

  • Fraud monitoring

Most businesses work with a payment provider that can help them seamlessly apply 3DS2 for all high-risk payments to help protect your business from fraud.

Here at Mollie, we help you apply 3DS2 to all relevant transactions. Our dynamic 3D Secure tooling means that payments will still complete even if there are issues with the 3DS authentication, such as when an issuing bank does not support it.

Mollie dashboard

We aim to be a trusted partner for your business that offers all the tools you need to power growth. That includes a payment solution that helps you accept multiple payment methods and offer customers a frictionless payment process to boost conversions. 

Our product also has advanced security features to protect you and your customers. These features include: 

  • Dynamic 3D secure payments

  • PCI-DSS level 1 certified

  • Fraud monitoring

Stay up to date

Never miss an update. Receive product updates, news and customer stories right into your inbox.

Connect every payment. Upgrade every part of your business.

Never miss an update. Receive product updates, news and customer stories right into your inbox.

Form fields
Form fields
Form fields

Table of contents

Table of contents

Table of contents

What is 3D Secure authentication?

The introduction of 3D Secure 2 (3DS2)

How does 3DS2 work?

3DS2, PSD2, and SCA

How to activate 3D Secure 2

More updates

View all

Ecommerce fraud management strategies 2023

Discover ecommerce fraud management strategies and how to protect your business from fraudsters.

20 Jun 2023

What is chargeback fraud and how to prevent it in 2023

Learn what chargeback fraud is, how to prevent it and how to fight disputes as an online business with Mollie.

6 Apr 2023

What is fraud detection?

What is fraud detection and how does it work? Discover how fraud can impact your business and how to prevent it.

20 Feb 2023

Ecommerce fraud management strategies 2023

Discover ecommerce fraud management strategies and how to protect your business from fraudsters.

20 Jun 2023

What is chargeback fraud and how to prevent it in 2023

Learn what chargeback fraud is, how to prevent it and how to fight disputes as an online business with Mollie.

6 Apr 2023

What is fraud detection?

What is fraud detection and how does it work? Discover how fraud can impact your business and how to prevent it.

20 Feb 2023

MollieGrowth3D Secure authentication and 3D Secure 2 explained
MollieGrowth3D Secure authentication and 3D Secure 2 explained