Skip to main content

3D Secure flow for API orders

3D Secure flow for API orders

Last updated: 23-Aug-2019
Rate this article:

Overview

3D Secure is a system designed to increase the security of online transactions using cards by checking customer identities before allowing them to finalize the purchase. 3D Secure works by redirecting your customers to pages provided by their banks, where they need to enter additional security tokens or password to trigger the completion of the charge.

By using 3D Secure, you get additional protection from liability for fraudulent card payments, with your customers having to go through an extra layer of authentication.

Introducing Dynamic 3D Secure via API

Starting with 2Checkout API 5.0, your orders placed via API are processed automatically through the Dynamic 3D Secure flow. Dynamic 3D Secure is a mechanism that allows us to evaluate a transaction in real-time based on a range of rule parameters that are able to determine if 3D Secure should be enabled or not.

Based on specific filters set in our backend system, 3D Secure will be enabled or not on a transaction basis in real-time. The list of filters includes:

  • Credit card issuing country
  • Billing country 
  • IP country 
  • Order amount

If one of these filters is not matching with the thresholds set in the 2Checkout system, 3D Secure will be enabled. Otherwise, the transaction is considered to be safe and can go through without 3D Secure.

Availability

Placing orders via API with the 3D Secure flow is available starting with version 5 of 2Checkout's API.

Benefits

Place orders via API starting with version 5, and let Dynamic 3D Secure mechanism bring you the following advantages:

  • Increased authorization rates – we measured and observed that in specific countries the use of 3D Secure could have an overwhelmingly positive impact (United Kingdom, Russia) while in other countries it has a negative impact (United States, China).
  • Mitigated fraud risks – 3D Secure significantly decreased the fraud rate for your incoming orders.
  • Less chargeback – the use of 3D Secure can reduce the number of chargebacks in some cases (e.g. reasons like fraud/not recognized) as customers are not allowed to open a chargeback with their bank.

How it works

For credit card orders placed starting with 2Checkout API 5.0, you need to pass through additional parameters that support the Dynamic 3D Secure flow.

  1. Once the order has been placed with the customer’s billing details, in order to confirm the payment, the shopper needs to be redirected to a 3D Secure confirmation page. 
  2. The URL where the customer needs to be redirected is provided in the API response, in the PaymentMethod object, under the Authorize3DS object. 
  3. Here, the redirect URL needs to be created by taking the Href attribute (the URL of the authorization page) and adding the parameters provided in the Params object. 
  4. The key-value pairs are the parameters that need to be attached to the URL, where the key is the parameter name and the value is its value. 

For example, for the below parameters:

{
"PaymentMethod": {
    "Authorize3DS": {
    "Href": "https://api.avangate.com/5.0/scripts/credit_card/authorize",
    "Method": "GET",
    "Params": {
        "avng8apitoken": "1234567890abcdef",
            }
        }
    }
}    
    

The URL should be constructed as follows: https://api.avangate.com/5.0/scripts...34567890abcdef.

5. Once the shopper confirms the payment, they will be redirected to the URL provided by you in the Vendor3DSReturnURL. If the payment fails due to 3DS (order could not be validated), then the customer will be returned to the URL provided in Vendor3DSCancelURL.

Send the following parameters as part of the PaymentMethod object:

Parameters Description
Vendor3DSReturnURL Required (string)
  URL address to which customers are redirected after the 3DS details get validated by the bank and the order is successfully authorized.
Vendor3DSCancelURL Required (string)
  URL address to which customers are redirected if the 3DS details were not validated or the order could not be authorized.

 

Rate this article:

Need help?

Do you have a question? If you didn’t find the answer you are looking for in our documentation, you can contact our Support teams for more information. If you have a technical issue or question, please contact us. We are happy to help.

Not yet a Verifone customer?

We’ll help you choose the right payment solution for your business, wherever you want to sell, in-person or online. Our team of experts will happily discuss your needs.

Verifone logo