3-D Secure 2
PayWay is a simple, secure, internet-based solution to collect and manage customer payments. 3-D Secure is designed to prevent fraud by allowing the card issuer to authenticate your customer before you process a payment.
The PayWay REST API supports 3-D Secure version 2.
Benefits of 3-D Secure
The benefits of 3-D Secure version 2 are:
- Improved risk analysis - card issuers have the information they need to perform risk analysis
- Make it easy for your customers to pay - customers who are judged low-risk enjoy a frictionless flow
- Lower costs - less fraud and fewer chargebacks
For more information, see:
How it works
- Your customer enters their credit card details
- You send additional information through PayWay to your customer's bank
- Your customer's bank decides if processing should stop, go ahead, or if a challenge is required
- If a challenge is required, your customer must pass the challenge before continuing
- The payment is processed or credit card is stored in the PayWay Vault
What additional information is sent?
The additional information includes the customer's contact details, shipping address, and type of goods being purchased. This allows your customer's bank to decide if a challenge is required.
For a full list of fields, see authenticate in the PayWay REST API.
What is a challenge?
A challenge allows your customer's bank to authenticate your customer. A challenge window is displayed on your website. The customer enters information into the challenge window. For example, their bank may send an SMS verification code and require the customer to type it in.
What is a frictionless flow?
In a frictionless flow, the customer does not need to complete a challenge.
How to implement 3-D Secure Version 2
To enable 3-D Secure version 2, you will need:
- someone with Client Administrator access to enable 3-D Secure version 2
- a software developer to make changes to your website
Enable 3-D Secure Version 2
To enable 3-D Secure version 2:
- Sign in to PayWay
- Click Settings
- Click 3-D Secure Version 2
- Agree to terms and conditions and click Confirm.
To add modules, you need Client Administrator access.
Trusted Frame and REST API
These steps assume you have already implemented a Trusted Frame solution.
Step 1: Pre-Authentication
To opt-in to 3-D Secure version 2, when you call createCreditCardFrame pass option threeDS2: true.
PayWay will check if the credit card is enrolled in 3-D Secure version 2.
When PayWay sends the singleUseTokenId to your site, check field threeDS2AuthRequired.
| threeDS2AuthRequired | Next action |
|---|---|
| true | Send an Authentication request |
| false | Process a payment, create a customer or update a customer |
Step 2: Authentication
To authenticate the cardholder, your server must send a POST to the PayWay REST API. This allows you to pass information, such as your customer's email address, billing address, etc.
The response will contain a transStatus to indicate if you should:
- process a payment, create a customer of update a customer (
AorY) or, - present a challenge window (
C) or, - stop processing (any other value)
Step 3: Challenge
To present a challenge window, call Javascript function payway.createChallengeFrame.
PayWay will send your site an updated transStatus to indicate if the customer has now passed the challenge.
Step 4: Process Payment or Store Credit Card
If transStatus is A or Y after the authentication or the challenge, you should send a request to:
Send parameter threeDS2 set to true.
Classic API
You must integrate with third party 3-D Secure Server Software to perform the authentication.
To process a transaction, you must send additional fields.
Contact us
For sales, help and technical support contact us.