3D Secure authentication

An authentication protocol that adds an extra layer of security for online card payments by verifying cardholders with Airwallex.

Copy for LLMView as Markdown

3D Secure (3DS) authentication is a security protocol that adds an extra layer of verification for online card payments. Understanding how 3D Secure works is important when managing card programs and monitoring transaction approval rates, as it affects both the security of card payments and the checkout experience for cardholders.

The protocol requires cardholders to complete a verification step with Airwallex during payment, which helps reduce fraud and shifts liability for fraudulent payments from merchants to Airwallex in case of disputes. Airwallex supports 3D Secure 2 (3DS 2) on all authorization transactions generated via commercial or consumer cards.

How 3D Secure works

3D Secure operates as a three-domain authentication protocol, involving three parties in the verification process:

Issuer domain: The card issuer (Airwallex) that authenticates the cardholder.
Acquirer domain: The merchant's bank that processes the payment.
Interoperability domain: The card scheme (Visa) infrastructure that facilitates communication between the issuer and acquirer.

When a cardholder initiates an online payment, the merchant's system sends the transaction details to the card scheme, which forwards them to Airwallex for authentication. Airwallex evaluates the risk and determines whether additional verification is needed. If verification is required, Airwallex presents an authentication challenge to the cardholder, typically by sending a one-time password (OTP).

3D Secure 2 enhancements

3D Secure 2 (3DS 2) significantly improves both security and cardholder experience by enabling frictionless authentication for low-risk transactions, supporting a much richer data exchange (up to 150 elements) for more accurate risk assessments, and providing a seamless, adaptive authentication flow across devices and interfaces. These enhancements reduce the need for cardholder interaction during checkout while ensuring robust fraud prevention.

Risk-based authentication

Airwallex determines the risk level of each transaction based on the information available during verification. This risk assessment considers factors such as:

Transaction amount and currency.
Merchant category and history.
Cardholder device and location.
Payment patterns and behavior.
Historical transaction data.

When Airwallex identifies a transaction as high risk or requires additional information for verification, it presents an authentication challenge to the cardholder. The authentication method used is:

One-time password (OTP): A temporary code sent to the cardholder's registered phone number or email address.

OTP delivery for Airwallex Issuing

For Airwallex issued cards, the system uses the email and mobile_number fields on the cardholder object to send OTPs during authentication challenges. It is important to ensure these fields contain accurate and up-to-date contact information for the cardholder.

If a cardholder is not receiving OTPs at their mobile number or email address, refer to I'm not receiving the verification code for my card payment (Visa 3DS) for troubleshooting guidance.

Liability shift

One of the key benefits of 3D Secure authentication is the liability shift it provides. When a cardholder successfully completes 3D Secure authentication, liability for fraudulent chargebacks typically shifts from the merchant to Airwallex. This protection encourages merchants to implement 3D Secure and helps reduce fraud-related losses.

However, the liability shift only applies when authentication is successful. If authentication fails or is not attempted, the merchant may remain liable for any subsequent fraudulent disputes.