3D Secure benefits cardholders and merchants by providing an additional layer of verification. During the checkout process, a lookup is performed to determine if the cardholder is enrolled in 3D Secure and whether they will need to authenticate the transaction. If authentication is necessary, the Braintree SDK will display a web page provided by the card issuer. This page will verify the cardholder’s identity, which is usually achieved by entering a password. Learn more about 3D Secure processing in our support article.

How it works

In addition to helping fight fraudulent card use, 3D Secure can shift liability for chargebacks due to fraud from the merchant to the card issuer. For example, if the card issuer does not participate in 3D Secure but the card brand supports this extra protection (i.e. Visa or Mastercard), the liability will shift to the card issuer.

Payment flow

On the client side:

  • Generate a client token
  • Render a checkout page to collect customer payment information
  • Verify the credit card amount
  • The customer may be prompted to authenticate using their bank login credentials if they are enrolled in 3D Secure and the card-issuing bank either always requires password authentication or has identified the transaction as risky

On the server side:

  • If the authentication is completed successfully or none was required, use the returned nonce to create a transaction.

Next: Configuration →

Still have questions?

If you can’t find an answer, contact our Support team.