About 3D Secure

3D Secure (3DS) is a security protocol used to authenticate a cardholder during an online card transaction. When a cardholder spends above a certain amount, they'll be prompted to verify their identity. If they fail to authenticate or abandon the process, then the transaction is voided.

Why it matters

3DS allows you to reduce the risk of potential fraud and comply with local regulations. It's a required form of Strong Customer Authentication (SCA) introduced by the Revised Payment Services Directive (PSD2). PSD2 applies to the European Economic Area (EEA), Monaco, and the UK. It applies to transactions that are higher than €30.00 or £30.00.

How it works

When a customer's purchase is above the maximum value, we'll notify you that the merchant has requested additional authentication using the 3DSAuthRequest webhook.

You'll need to redirect the customer to their issuing bank's Access Control Server (ACS) so that they can verify their identity. There are several ways they can do this, such as entering a one-time passcode sent via SMS by the issuer or submitting biometric data.

Once this is done, you'll need to send a request to the v2/cards/3ds endpoint to update Marqeta about the outcome of the customer's authentication. The possible outcomes are described below.

Outcome | Description
SUCCESS | The cardholder successfully completed the authentication process.
FAILED | The cardholder failed the authentication process and their identity wasn't verified. For example, if they entered the wrong code.
CANCELLED | The cardholder cancelled the authentication process.
NOT_AUTHENTICATED | The cardholder failed to complete the authentication process. For example, due to a timeout.

For more information about this endpoint, see Update a 3DS authentication request.

If your request is successful, we'll return a 200 response to you and the transaction will be processed normally. You'll then receive a CardTransaction webhook containing a transaction.response.code informing you of the final status of this transaction. View a list of possible response codes.
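
As an added example (not code from this page or from Marqeta), the Python below shows one way to track the flow described above on your side: a challenge is opened when the 3DSAuthRequest webhook arrives, and the outcome for the v2/cards/3ds update is derived so that only an explicit, timely verification becomes SUCCESS and each request is reported once. The ACS result labels, the request_id value, the payload field names and the 300-second deadline are assumptions.

```python
from dataclasses import dataclass

# Outcome values listed in the table above.
OUTCOMES = ("SUCCESS", "FAILED", "CANCELLED", "NOT_AUTHENTICATED")

# Constructed ACS result labels (assumption); only an explicit "verified" maps to SUCCESS.
ACS_RESULT_TO_OUTCOME = {
    "verified": "SUCCESS",
    "wrong_code": "FAILED",
    "user_cancelled": "CANCELLED",
    "timeout": "NOT_AUTHENTICATED",
}
AUTH_DEADLINE_SECONDS = 300  # assumed local deadline, not a value from the page


@dataclass
class PendingAuth:
    started_at: float
    reported: bool = False


class ThreeDSTracker:
    """Tracks challenges opened by a 3DSAuthRequest webhook until their outcome is reported."""

    def __init__(self):
        self._pending = {}

    def on_auth_request(self, request_id, now):
        # request_id stands in for whatever identifier the webhook carries (hypothetical).
        self._pending[request_id] = PendingAuth(started_at=now)

    def build_update(self, request_id, acs_result, now):
        """Return the body for the v2/cards/3ds update; field names are placeholders."""
        pending = self._pending.get(request_id)
        if pending is None:
            raise KeyError("no 3DSAuthRequest webhook was received for this id")
        if pending.reported:
            raise ValueError("an outcome was already reported for this request")
        if now - pending.started_at > AUTH_DEADLINE_SECONDS:
            outcome = "NOT_AUTHENTICATED"  # late results never count as SUCCESS
        else:
            # Fail closed: unknown or missing results are treated as not authenticated.
            outcome = ACS_RESULT_TO_OUTCOME.get(acs_result, "NOT_AUTHENTICATED")
        assert outcome in OUTCOMES
        pending.reported = True
        return {"request_id": request_id, "outcome": outcome}
```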