Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »

1. What is 3D Secure™?

3D Secure is a verification process created by Visa and MasterCard to further secure online transactions.

As more and more consumers shop online, new risks are exposed. The anonymity of the internet poses the danger of unauthorised credit card purchases as there is no way of telling if the consumer is in fact the authorised holder of the card used for payment. In light of these increasing risks to merchants, the card issuers realised that reducing chargeback risk is important in order for the industry to grow.

3D Secure was introduced in an effort to authenticate shopper identity, reduce online fraud risk, and safeguard credit card payment transactions. Cardholders are being enrolled for 3D Secure in order to be authenticated as the legitimate cardholder. The authentication provides an extra security step during the cardholder’s online transaction with the retailer. Retailers enrolled for 3D Secure will have their chargeback risk reduced by shifting the responsibility of the transaction chargeback risk to the issuing bank of the cardholder.

MasterCard brand their system 'MasterCard SecureCode' and Visa is banded as 'Verified by Visa'

With online fraud being top of the agenda for the Payment Association of South Africa (PASA), the body has taken the decision to make it compulsory for all e-commerce merchants to be enrolled in the 3D Secure program by the 28th of February 2014. More information on this mandata is provided here

 

2. How does 3D Secure work on the PayU payment platform?

The merchant’s bank will assist with the enrolment process and assign a chargeback risk profile. The merchant then requests PayU to enable his PayU account for the 3D Secure authentication service. The necessary detail required to activate 3D Secure in the PayU system is then provided by the merchant’s acquiring bank. In some cases small changes are required on the merchant website to accommodate the authentication process.

 

2.1. 3D Secure Payment Scenarios

  • Scenario 1: Both the cardholder and merchant is enrolled for 3D Secure

The shopper uses his/her 3D Secure enrolled credit card to pay for a service or product. The payment request is sent to the PayU payment platform where the card is checked against the cardholder’s bank to confirm if the card is 3D Secure enabled. If the card is enrolled for 3D Secure, the shopper is redirected to the 3D Secure authentication screen where he/she is prompted to input a one-time pin (OTP). This OTP is sent via text message to the mobile phone number that the cardholder used to register for 3D Secure at his/her bank.

On completion of the cardholder authentication, the transaction is completed at the bank and the shopper is redirected back to the merchant’s website. If the 3D Secure authentication is successful, then the transaction has a low chargeback risk by being fully authenticated. Should the 3D Secure authentication fail, the transaction fails.

The pictures below depict the shopper's payment experience with both the cardholder’s card and the merchant enrolled in the 3D Secure program.

The results of the 3D Secure transactions reflect in PayU’s transaction reports.

 

  • Scenario 2: The merchant is enrolled in the 3D Secure program, but the shopper's card is not enrolled

If a shopper's card is not enrolled in 3D Secure, the payment request still goes to PayU's payment platform which in turn passes the details on to the merchant's bank account. However, the authentication step is not shown to the shopper. The bank then transmits the result of the payment to PayU, and PayU in turn notifies the merchant website of the result. The merchant website then displays to the shopper whether the transaction was successful or not. This transaction’s chargeback liability is still with the card issuing bank but there is a slightly higher chargeback risk associated as it is not fully authenticated for 3D Secure. For a detailed explanation on liability shift, refer to the section below where liability shift is explained.

These transaction results are also shown in PayU's transaction reports, but not marked as 3D Secure transactions.

 

  • Scenario 3: The merchant is enrolled in 3D Secure but bypasses the 3D Secure process

If the merchant bypasses the 3D Secure process in any way, the liability shifts to the merchant and cardholder can dispute the transaction and claim a chargeback from his/her issuing bank. The transaction will be reversed by the card issuing bank and passed on to the merchant acquiring bank who will then deduct the transaction amount from the merchant. This is classified as a high chargeback risk transaction.

 

2.2. PayU chargeback risk configuration

PayU’s default configuration will fail 3D Secure transactions that create a liability shift towards the merchant. PayU also have a low chargeback risk configuration that will only allow fully authenticated 3D Secure transactions to take place. This eliminates most of the chargeback risk. Merchants that are allowed by the card acquiring banks to bypass 3D Secure have the option to accept transactions regardless of the 3D Secure authentication outcome. All PayU merchants are advised to check the transaction reports as this indicates where the transaction liability shifts to.


For more information please download and read the PayU 3D Secure merchant guide


3. PASA 3D Secure mandate

With online fraud being top of the agenda for the Payment Association of South Africa (PASA), the body has taken the decision to make it compulsory for all e-commerce merchants to be enrolled in the 3D Secure program by the 28th of February 2014. For more information on this please go here.

Please contact our support team here if you would like to enable your existing PayU merchant account for 3D Secure.


4 How do PayU merchants enable and integrate into 3D secure payments?

PayU offers various products that support 3D Secure transactions. Depending on the product, extra development may be required from the merchant's development team to successfully implement 3D Secure. Technical documentation based on the product below can be viewed at the following locations:

 

 

 

  • No labels