How do I set up 3D Secure 2.0?

To leverage 3D Secure 2.0, you will need to implement the 3D Secure authentication process in your transaction processing.

Must know:

  • 3DS 2.0 is available to TD, First Data, and Global pay processing merchants only.
  • Our support team must enroll you into the 3D Secure 2.0 services. You can contact our support team here.      
  • Implementing 3D Secure 2.0 to your current transaction flow requires some technical knowledge on browser behavior and situational programming.

How do I set up 3D Secure 2.0?


When your customer (the cardholder) starts a transaction on your website, either one of these two scenario flows can happen: 

  • Challenge flow: The cardholder will need to provide additional data to authenticate themselves.
  • Frictionless flow: The cardholders will not need to authenticate themselves as the authentication took place in the background without their input. In this case, the issuer is confident with the information you provided with the transaction, and the liability shifts to the issuer. 

As the decision is now in the hands of the issuer, they will ask you for more data. The more data you provide, the more accurately the issuer can make their decision about the risk of the transaction - ultimately leading to a frictionless scenario for your customers. 

We would recommend reading further about this implementation using our REST API on our Developer Documentation.


Some merchants complete the Visa Secure, MasterCard Identity Check, or AMEX SafeKey certification to handle authentication on their own side. These merchants can use their existing authentication process and send the results of the bank authentication to us with their standard transaction request. To do this, the merchant must integrate using a server-to-server type connection. 

Note: This option must be enabled by us. Contact Customer Care (via email or by calling us at 1-833-226-2672) if you want to use this method.

The Visa Secure, MasterCard Identity Check, or AMEX SafeKey bank authentication results must be sent with the transaction request using these five system variables:




The 3D Secure transaction identifier


SecureECI is a 1 digit status code


The 40-character cardholder authentication verification value


The 36-character Directory Server transaction ID


The version of 3D Secure (1 or 2) to process with

You can see an example of the transaction request with these variables on our Developer Documentation.

Good to know:

  • Visa and AMEX Transactions that return a Status response of “Success” will appear in the Transaction Report with a golden checkmark.
Was this article helpful?
0 out of 1 found this helpful