Risk assessment and 3D Secure authentication
The 3D Secure service reduces the risk of chargebacks through the liability shift from the Merchant to the cardholder’s bank (see § 4.2 for more details).
The advanced risk assessment module provides two specific actions when configuring rules: “Enable 3D Secure” and “Disable 3D Secure”.
These actions allow the Merchant, depending on the protocols available for his/her MID:
- In 3DS1: to enable or disable 3D Secure authentication,
- In 3DS2: to express their desire to challenge the buyer with a strong authentication during the payment.
To do so, he/she uses the strongAuthentification field of the REST API or the vads_threeds_mpi field of the Hosted Payment Page.
This function can be used in addition to the risk module.
In this case, the parameter transmitted in the payment request has priority over the decisions of the risk assessment module.
Reminder:
In compliance with banking network rules, a transaction carried out without cardholder authentication does not benefit from liability shift.
Other rules may apply in priority to those defined by the Merchant (in his/her payment requests or via the risk assessment module):
- Some payment cards require cardholder authentication. This is the case of Maestro cards.
- In 3DS2, exceptional cases will be progressively introduced by the payment gateway.
For example, for payments in euro lower than €30 and within the limit of 5 consecutive payments of less than €30, the Merchant preference transmitted to the issuer will be “No Challenge Requested”. If the issuer accepts it, the authentication will be frictionless.
- American Express reserves the right to perform strong authentication according to its own rules, even if the Merchant has requested to disable 3D Secure for the transaction.
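The precedence described above can be modelled as a small resolver. This is an added example, not gateway code: the preference labels, card brand labels, the Payment fields and the relative order of the two overriding checks are assumptions of the model, and the streak test is one reading of "within the limit of 5 consecutive payments".

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Labels for this model only; they are not the gateway's field values.
ENABLE, DISABLE, NO_CHALLENGE = "ENABLE_3DS", "DISABLE_3DS", "NO_CHALLENGE_REQUESTED"

@dataclass
class Payment:
    amount: float
    currency: str
    brand: str                           # constructed labels: "VISA", "MAESTRO", "AMEX"
    protocol: str                        # "3DS1" or "3DS2"
    request_pref: Optional[str] = None   # preference sent in the payment request
    risk_pref: Optional[str] = None      # action selected by a risk-module rule
    low_value_streak: int = 0            # earlier consecutive payments under EUR 30

def resolve(p: Payment) -> Tuple[Optional[str], str]:
    """Return (effective preference, source of the decision)."""
    # Rules that take priority over the Merchant's choices. Their order
    # relative to each other is an assumption of this model.
    if p.brand == "MAESTRO":
        return ENABLE, "card rule"
    if (p.protocol == "3DS2" and p.currency == "EUR"
            and p.amount < 30 and p.low_value_streak < 5):
        return NO_CHALLENGE, "gateway low-value exception"
    # Merchant's choices: the payment request beats the risk module.
    if p.request_pref is not None:
        return p.request_pref, "payment request"
    if p.risk_pref is not None:
        return p.risk_pref, "risk module"
    return None, "gateway default"       # default behaviour is not described on the page

def liability_warning(p: Payment) -> Optional[str]:
    """Flag outcomes where the Merchant asked to skip authentication."""
    pref, source = resolve(p)
    if pref != DISABLE:
        return None
    if p.brand == "AMEX":
        return f"{source}: 3DS disabled, but American Express may still authenticate"
    return f"{source}: no cardholder authentication, so no liability shift"
```

Running the resolver over a sample of past orders shows which rules actually decide the outcome and where a "Disable 3D Secure" choice gives up liability shift.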