Frequently Asked Questions

3DS2 is the new industry standard for customer authentication. It adds the latest security technology to your checkout, protecting you from fraudulent chargeback transactions.  

It allows the cardholder’s identity to be authenticated by their bank at the
time of purchase.

When a customer purchases items online using a credit or debit card via phone, tablet, laptop or other device, the 3DS2 technology sends the transaction details, payment method and device information to the card issuer.

The card issuer then reviews the data and determines the type of authentication to use. Transactions will be categorised by the issuer as high risk or low risk.

Low risk transactions will flow seamlessly through the system without any further interaction with the cardholder. This is referred to as frictionless flow.

For high risk transactions, the card issuer may ask the cardholder to verify themselves. The type of verification used is determined by the issuer. This is referred to as challenge flow.

Once a payment has been successfully authenticated, authorisation for the payment will be initiated.

3DS2 offers you improved transaction security, and the liability for fraudulent transactions is shifted away from you.

For your customers, it offers quicker authentication, fewer purchases inaccurately declined and confidence in safety of the transaction.

3DS2 expands on the functionality of 3DS1 and makes the experience more secure, effective, and seamless for all stakeholders. 3DS2 supports different payment channels, enables
10 times more data to be exchanged to the card issuer to enhance decisioning and is faster and more efficient than 3DS1. 

If you are signed up for SecurePay's 'all in one' product, 3DS2 can be used for Visa and Mastercard.

If you are signed up for our Gateway only product, 3DS2 can be used for Visa, Mastercard and Amex, depending on your acquiring facility. 

3DS2 is supported for Payment Authorisation and Initial/Pre-Authorisation transaction types.

3DS2 is available on SecurePay API, XML API integration and Direct Post integration methods. It is also available on our Magento 2 and WooCommerce e-commerce extensions.

Note: it is not available for on our OpenCart and PrestaShop e-commerce extensions.

Yes, it is available to all merchants on our 'all-in-one' product for Visa and Mastercard transactions.

3DS2 is available to Gateway merchants on selected acquiring bank links for the Gateway product. It's available on NAB (Visa and Mastercard), Westpac (Visa, Mastercard and Amex) and ANZ (Visa and Mastercard).

Once you have been onboarded with SeucrePay using the SecurePay API integration method, you can enable 3DS2 on your account by following the steps below:

1. Login to your SecurePay account

2. Click on the ‘payment features’ tab

3. Add 3DS2 and complete the application form and instructions 

4. Once approved we’ll send you an email with integration instructions 

If you are using another integration method, call our customer support team on 1300 786 756 to sign up.

Please note that if you’re on our Gateway only product, you will need to enrol to the schemes first through your acquiring facility.

A flat rate of $0.05 per billable authentication transaction will be charged and will be reflected in your monthly billing invoice.

Our customer support team will reach out to you for more information via email or call. You can also see the status of your application and the reason for decline when you login to your SecurePay account.

Please reach out to our customer support team on 1300 786 756.

This is how we can ensure that only the authentication requests coming from your domain are allowed.

You can register up to 5 domains. The total length of the 5 domains must not be greater than 255 characters.

If you are using the SecurePay API integration, you can access the integration guide here: integration guide

If you are using the XML API or Direct Post integration, you can access the integration guide here: integration guide

Your authenticated 3DS2 transactions can be seen when you log in to the merchant portal. 3DS2 details are included on the transaction details page.

The parameter called liability shift indicator is used to tell whether the fraud chargeback liability is shifted to the card issuer or if it stays with you after the authentication process.

After authentication, if the liability shifts to the issuer, you can safely proceed with the payment as this means the issuer has authenticated the transaction successfully and found no anomalies after authentication.

To help you, the authentication value (CAVV), ECI, liability shift indicator, transaction status and transaction status reason will be received during authentication response.

Please note that the liability shift is governed by scheme rules and is applicable for relevant fraud related chargeback reason codes only.

You need to include the 3DS2 order used during authentication in your payment request. Refer to the updated integration guide.

Yes, authentication and authorisation are two independent processes which are triggered separately to allow you to decide whether to proceed with authorisation after the authentication process. 

If the verification check fails, we recommend you do not proceed with the transaction as this is a strong indicator of potential fraud. If you choose to proceed with the transaction after a cardholder has failed the verification check, you will incur the liability should a chargeback result.

SecurePay allows the reuse of the 3DS2 order for retrying an authentication request for up to 3 times. This excludes any incorrect challenge answers by the cardholder.  

No, 3DS2 is only supported via XML API, Direct Post V2 and the SecurePay API integration methods.

Please refer to the SecurePay response codes guide. You can reach out to customer support team on 1300 786 756 for further assistance.

Please reach out to our customer support team on 1300 786 756 if you wish to disable 3DS2 from your account.

Please note, any attempt of 3DS2 authentication after disabling will cause the request to fail.

Please reach out to our customer support team on 1300 786 756 to disable 3DS1 from your account.

Please note, once you activate 3DS2 on your account, we highly recommend that you ensure it is working before deactivating 3DS1.