Overview
Oceanpayment provides full support for the 3D Secure (3DS) protocol, adding an extra layer of authentication for cross-border e-commerce transactions. This helps merchants meet global regulatory requirements (such as PSD2 SCA in Europe) while effectively reducing fraud and chargeback rates.
What is 3D Secure?
3D Secure (Three-Domain Secure) is an online payment security protocol designed to reduce fraud in credit and debit card transactions by introducing an additional authentication step. It is based on a three-domain security model:
- Issuer domain: The cardholder and their issuing bank.
- Acquirer domain: The merchant and their acquiring bank (or a payment service provider such as Oceanpayment).
- Interoperability domain: The card networks (for example, Visa and Mastercard) that provide the infrastructure enabling secure communication between the issuer and acquirer domains.
3DS Versions
Oceanpayment supports 3DS 1.0 and 3DS 2.0 / 2.1 / 2.2 / 2.3 (collectively referred to as 3DS2). We strongly recommend using 3DS2, which offers stronger security and a smoother user experience:
- Support for frictionless, in-app, and embedded authentication flows, delivering a smoother user experience.
- The ability to pass rich transaction data (such as transaction type, merchant name, shipping address, and device information) to issuers, enabling risk-based authentication (RBA).
- Improved support for mobile apps and smart devices.
- Broader authentication methods, including biometrics (fingerprint and facial recognition), push notifications, and behavioral analysis.
- Higher security with less friction, improved conversion rates, and a better mobile experience.
3DS Authentication Flow
Oceanpayment supports two ways to trigger 3D Secure authentication:
- Oceanpayment-controlled 3DS: Oceanpayment determines whether 3DS is required and automatically redirects the cardholder to the 3DS authentication page.
- Merchant-controlled 3DS: The merchant decides whether to perform 3DS authentication and submits the authentication result to Oceanpayment.
Oceanpayment-controlled 3DS Flow
The 3DS authentication process involves multiple parties and follows these steps:
- The cardholder places an order on the merchant’s website, and the merchant submits a payment request through Oceanpayment.
- If 3DS authentication is required, Oceanpayment returns the response and automatically redirects the cardholder (or allows the merchant to redirect) to the issuer’s 3DS authentication page.
- The cardholder completes authentication on the issuer’s page using a password, one-time passcode, or biometric verification (such as fingerprint or facial recognition).
- Oceanpayment returns the authentication result to the merchant. The merchant receives the payment result (via synchronous response or asynchronous notification), with the transaction identified as a 3DS transaction, and displays the final payment status to the cardholder.
Merchant-controlled 3DS Flow
- The merchant decides whether the transaction requires 3DS authentication.
- If required, the merchant initiates authentication using its own 3DS Server.
- After the cardholder completes authentication, the merchant receives the 3DS authentication result fields listed below.
| param_name | Type | Length | Required | Description |
|---|---|---|---|---|
| card_eci | string | 0-50 | No | ECI value returned by the MPI |
| card_cavv | string | 0-50 | No | CAVV value returned by the MPI |
| card_xid | string | 0-50 | No | XID value returned by the MPI |
| DSTransactionId | string | 0-50 | No | DSTransactionId returned by the MPI |
| mpiVersion | string | 0-50 | No | ThreeDSVersion returned by the MPI |
- The merchant submits the payment request to Oceanpayment, including the 3DS authentication data.
- Oceanpayment processes the payment based on the provided 3DS information.
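The following is an added example, not Oceanpayment's own code: a merchant-side check that allow-lists and validates the 3DS result fields from the table before they are merged into the payment request. The field names and the 0-50 length limit come from the table; the two-digit ECI format and the version-to-identifier check are assumptions of this example, and the sample values are constructed.

```python
import re

# Field names and the 0-50 length limit are taken from the parameter table above.
THREE_DS_FIELDS = ("card_eci", "card_cavv", "card_xid", "DSTransactionId", "mpiVersion")
MAX_LEN = 50


def build_3ds_params(auth_result):
    """Validate a 3DS Server result and return only the fields from the table."""
    params = {}
    for name in THREE_DS_FIELDS:  # allow-list: any other key is dropped
        value = auth_result.get(name)
        if value is None or value == "":
            continue  # every field is optional ("Required: No")
        if not isinstance(value, str):
            raise ValueError(f"{name} must be a string")
        if len(value) > MAX_LEN:
            raise ValueError(f"{name} is longer than {MAX_LEN} characters")
        params[name] = value

    # Assumption (not from the page): ECI is a two-digit code such as "05" or "02".
    eci = params.get("card_eci")
    if eci is not None and not re.fullmatch(r"\d{2}", eci):
        raise ValueError("card_eci is not a two-digit code")

    # Assumption (local policy, not from the page): mpiVersion begins with the
    # major version; a 3DS2 result carries DSTransactionId, a 3DS 1.0 result XID.
    version = params.get("mpiVersion", "")
    if version.startswith("2") and "DSTransactionId" not in params:
        raise ValueError("3DS2 result without DSTransactionId")
    if version.startswith("1") and "card_xid" not in params:
        raise ValueError("3DS 1.0 result without card_xid")
    return params


# Constructed sample result (not real authentication data).
SAMPLE_RESULT = {
    "card_eci": "05",
    "card_cavv": "AAABBBCCCDDDEEEFFFGGGHHHIII=",
    "DSTransactionId": "11111111-2222-4333-8444-555555555555",
    "mpiVersion": "2.2.0",
    "challengeHtml": "<form>...</form>",  # unexpected key, must not be forwarded
}

if __name__ == "__main__":
    print(build_3ds_params(SAMPLE_RESULT))
```

Rejecting a malformed result before submission keeps inconsistent authentication data out of the payment request and gives the merchant a clear point to log and investigate it.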