Processing Payments via 3D-Secure
A series of short tips / advices for Software Engineers
In this article, we will go through some of the technical bits we experienced in implementing 3D-Secure. What is 3D-Secure and its possible issues? Format, go through what 3D-Secure is and then speak about technical bits
I started this article a while back and only managed to complete it now. We had to update the way we process 3D-Secure enabled cards in order to reduce drop off. As part of this process, we learnt quite a bit about what 3D-Secure really is. I thought I would share some of this.
What is 3D-Secure?
In simple terms, 3D-Secure authenticates the user prior to processing payment.
How Does 3D-Secure Work?
Prior to processing a card, your card details are sent to an authority that is able to inform the merchant if the card is 3D-Secure enabled and with which bank so that the merchant can then display that infamous 3D-Secure OTP authentication page, hopefully, this will be improved with 3D-Secure Version 2.0
The user then verifies that they are who they are with the authority with the Bank. The Bank then sends this response back to the merchant and sends a token back to say that the user is authenticated.
This token is then used to continue the payment transaction (that is pre-authorise and then capture payment)
Points to Note
The 3D-Secure authentication authenticates the user and not the amount, so you could authenticate a user and would then have to attempt to take payment of the amount in the next steps.
The above point is quite crucial to note as it can help you in your payment flows.
Parties Involved
Merchant (You)
- Processing payment
3D-Secure Authority
- Tells us if this card is 3DS enabled and which bank should authorise the user
Bank(Issuer)
- Used to authorise the user and subsequently complete payment
Summary
3D-Secure is quite a complex process at present and a lot of work is going into making it work. The consumer-facing view of 3D-Secure is not the best user experience and it is for that reason why certain companies try to reduce drop-offs by switching it on / off based on risk. Hopefully, 3D-Secure 2.0 will be able to solve this.
