> For the complete documentation index, see [llms.txt](https://plexo.gitbook.io/rest-api/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://plexo.gitbook.io/rest-api/core-concepts/3ds-authentication.md). # 3D Secure (3DS) Authentication *Brief explanation: 3D Secure (3DS) is an additional security layer for online card payments that reduces fraud and shifts liability from merchant to card issuer.* ## What is 3D Secure? 3D Secure (3DS) is an authentication protocol developed by card networks to reduce fraud in card-not-present (CNP) transactions. When 3DS is enabled, cardholders may be challenged to authenticate their identity during checkout (e.g., entering a one-time password). **"Three Domains" in 3DS:** 1. **Acquirer Domain**: Merchant and payment gateway (Plexo) 2. **Issuer Domain**: Cardholder's bank 3. **Interoperability Domain**: Card network infrastructure (VISA, Mastercard, etc.) **Branding by Card Network:** * **VISA**: Verified by Visa * **Mastercard**: Mastercard SecureCode ## Why Use 3DS? ### Fraud Reduction * Authenticates cardholder identity * Reduces unauthorized card usage * Lowers chargeback rates * Protects both merchant and cardholder ### Liability Shift When 3DS authentication succeeds: * **Liability shifts to card issuer** (bank) * Merchant protected from fraudulent chargebacks * Issuer assumes responsibility for authenticated transactions **Without 3DS:** ``` Fraudulent Chargeback → Merchant loses funds + fees ``` **With 3DS (successful authentication):** ``` Fraudulent Chargeback → Issuer assumes liability ``` ### Regulatory Compliance * **PSD2 (Europe)**: Requires Strong Customer Authentication (SCA) * **SCA Exemptions**: 3DS2 enables low-risk exemptions * **Global Standards**: Increasing adoption worldwide ## 3DS Version Plexo supports **3DS 2.0** (3D Secure 2), the current industry standard that provides enhanced security and user experience: * **Risk-Based Authentication**: More data shared for better risk assessment * **Frictionless Flow**: Many transactions can be approved without challenge based on risk assessment * **Mobile-Optimized**: Native app and mobile browser support * **Rich Data**: Over 100 data points shared with issuer * **Better UX**: In-app authentication, biometrics, seamless flows {% hint style="info" %} **Note**: 3DS 1.0 is not supported. All 3DS transactions use the modern 3DS 2.0 protocol. {% endhint %} ## How 3DS Works with Plexo Plexo integrates with 3DS authentication providers to enable secure card authentication. ### 3DS Availability 3D Secure authentication is available for: **Payment Methods:** * VISA * MASTERCARD **Payment Processors:** * Totalnet * OCA {% hint style="info" %} 3DS is only supported when using VISA or MASTERCARD payment methods with Totalnet or OCA as the payment processor/acquirer. {% endhint %} {% tabs %} {% tab title="Gateway Mode" %} Configure 3DS for Gateway mode merchants using Totalnet or OCA processors with VISA/MASTERCARD payment methods. {% endtab %} {% tab title="PayFac Mode" %} **Note**: 3DS availability in PayFac mode depends on the PayFac provider's integration. Contact Plexo support for PayFac 3DS configuration. {% endtab %} {% endtabs %} ## 3DS Transaction Flow ### Standard 3DS Flow ```mermaid flowchart TD A[Customer initiates payment] --> B[Merchant calls Plexo /payments endpoint] B --> C[Plexo creates 3DS session with Provider] C --> D[Provider checks card enrollment] D --> E{Risk Assessment} E -->|Low Risk| F[Frictionless Authentication] F --> G[Authentication approved automatically] G --> H[Payment processed with 3DS result] E -->|High Risk| I[Challenge Required] I --> J[Cardholder redirected to issuer page] J --> K[Cardholder completes authentication] K --> L[Issuer validates and returns result] L --> M[Provider notifies Plexo of authentication result] M --> N[Payment processed with 3DS result] ``` ### Frictionless Flow (No Challenge) In many 3DS2 transactions, authentication happens behind the scenes based on risk assessment: ```mermaid sequenceDiagram participant Merchant participant Plexo participant Provider as 3DS Provider participant Issuer Merchant->>Plexo: Create Payment Request Plexo->>Provider: Initiate 3DS Authentication Provider->>Issuer: Send Authentication Request Issuer->>Issuer: Risk-based evaluation Issuer-->>Provider: Authentication Approved (No Challenge) Provider-->>Plexo: Authentication Success Plexo-->>Merchant: Payment Processed (Liability Shifted) ``` **No user interaction required** – seamless experience. ### Challenge Flow (User Authentication Required) For high-risk transactions or issuer requirements: ```mermaid sequenceDiagram participant Customer participant Merchant participant Plexo participant Provider as 3DS Provider participant Issuer Merchant->>Plexo: Create Payment Request Plexo->>Provider: Initiate 3DS Authentication Provider->>Issuer: Send Authentication Request Issuer-->>Provider: Challenge Required Provider-->>Plexo: Redirect URL for Challenge Plexo-->>Merchant: Return Redirect URL Merchant-->>Customer: Redirect to Issuer Page Customer->>Issuer: Complete Authentication (OTP/Biometric) Issuer->>Issuer: Validate Credentials Issuer->>Provider: Authentication Result Provider->>Plexo: Callback with Result Plexo-->>Merchant: Payment Processed (if authenticated) ``` ## Authentication Status Codes For a complete reference of 3DS authentication status codes, ECI values, and liability shift rules, see [3DS Authentication Statuses Reference](/rest-api/reference/3ds-statuses.md). ## Related Resources * [3DS Integration Guide](/rest-api/payments/3ds-integration.md) - Step-by-step implementation guide * [API Endpoints](/rest-api/api-reference/api-reference.md) - Interactive API documentation * [3DS Authentication Statuses](/rest-api/reference/3ds-statuses.md) - Status codes and ECI values * [Supported Payment Methods and Processors](/rest-api/reference/supported-payment-methods.md) - Complete reference * [Gateway vs PayFac Modes](/rest-api/core-concepts/gateway-vs-payfac.md) - Operation modes --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://plexo.gitbook.io/rest-api/core-concepts/3ds-authentication.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.