3D Secure benefits cardholders and merchants by providing an additional layer of verification. During the checkout process, a lookup is performed to determine if the cardholder is enrolled in 3D Secure and whether they will need to authenticate the transaction. If authentication is necessary, the Braintree SDK will display a web page provided by the card issuer. This page will verify the cardholder’s identity, which is usually achieved by entering a password. Learn more about 3D Secure processing in our support article.
In addition to helping fight fraudulent card use, 3D Secure can shift liability for chargebacks due to fraud from the merchant to the card issuer. For example, if the card issuer does not participate in 3D Secure but the card brand supports this extra protection (i.e. Visa or Mastercard), the liability will shift to the card issuer.
3D Secure does not shift liability for all fraudulent chargebacks. You can determine whether a liability shift occurred from the 3D Secure status code returned for the authentication.
On the client side:
- Generate a client token
- Render a checkout page to collect customer payment information
- Verify the credit card amount
- The customer may be prompted to authenticate using their bank login credentials if they are enrolled in 3D Secure and the card-issuing bank either always requires password authentication or has identified the transaction as risky
On the server side:
- If the authentication is completed successfully or none was required, use the returned nonce to create a transaction.
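The server-side step above is where the merchant decides whether the nonce it received really carries a usable 3D Secure result. The following is an added example, not Braintree's code: `ThreeDSInfo`, `Decision`, `decide` and the `allow_unshifted` policy flag are hypothetical names, the two liability fields are assumed to be modelled on the 3D Secure details a server SDK exposes for a nonce, and the sample status strings are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ThreeDSInfo:
    """Hypothetical stand-in for the 3D Secure details attached to a nonce."""
    liability_shift_possible: bool  # card was eligible for 3D Secure
    liability_shifted: bool         # issuer now carries fraud chargeback liability
    status: str                     # status code returned for the authentication


@dataclass(frozen=True)
class Decision:
    create_transaction: bool
    reason: str


def decide(info: Optional[ThreeDSInfo], allow_unshifted: bool = False) -> Decision:
    """Decide server-side whether the returned nonce may be used for a sale."""
    if info is None:
        # The nonce never went through the client-side verification step.
        return Decision(False, "nonce carries no 3D Secure result")
    if info.liability_shifted:
        return Decision(True, f"liability shifted ({info.status})")
    if info.liability_shift_possible:
        # Eligible card, no shift: authentication failed or was abandoned.
        return Decision(False, f"authentication not completed ({info.status})")
    if allow_unshifted:
        # Merchant policy: accept ineligible cards and keep the fraud liability.
        return Decision(True, f"no liability shift, accepted by policy ({info.status})")
    return Decision(False, f"no liability shift available ({info.status})")


# Constructed sample results; the status strings are illustrative only.
SAMPLES = {
    "authenticated": ThreeDSInfo(True, True, "authenticate_successful"),
    "failed": ThreeDSInfo(True, False, "authenticate_failed"),
    "ineligible": ThreeDSInfo(False, False, "unsupported_card"),
    "raw_nonce": None,
}

if __name__ == "__main__":
    for name, info in SAMPLES.items():
        print(name, decide(info))
```

Running the check on the server rather than trusting the client's report matters because a client can submit a nonce that skipped verification entirely, which is the `raw_nonce` case.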