3D Secure benefits cardholders and merchants by providing an additional layer of verification. During the checkout process, a lookup is performed to determine whether the card is eligible to use 3D Secure. If the lookup determines that the cardholder should authenticate using 3D Secure, the Braintree SDK will display a web page that is provided by the card issuer. This page will verify the cardholder’s identity, which is usually achieved by entering a password.
In addition to helping fight fraudulent card use, 3D Secure can shift liability for chargebacks due to fraud from the merchant to the card issuer. If the card issuer does not participate in 3D Secure but the card brand supports this extra protection (i.e. Visa or Mastercard), the liability will shift to the card issuer. If the card issuer does participate in 3D Secure but the cardholder chooses not to enable this feature, the liability remains with the merchant.
Here is a chart to help clarify. A checkmark indicates that the party supports or participates in 3D Secure.
|Cardholder||Card Brand||Card Issuer||Merchant||Liability|
On the client side:
- Generate a client token
- Render a checkout page to collect customer payment information
- Verify the credit card amount.
- If the customer's card is enrolled in a 3D Secure program, the customer will be prompted to authenticate using their bank login credentials
On the server side:
- If the authentication is completed successfully or none was required, use the returned
nonceto create a transaction.