Payment flow

  • If the authentication is completed successfully or none was required, use the returned nonce to create a transaction.

Create a transaction

To create a 3D Secure transaction:

  1. Pass the payment method nonce you received from your client to your server.
  2. Tell the Braintree gateway how to handle 3D Secure failures.

The gateway uses a boolean to indicate whether or not 3D Secure verification must succeed before creating a transaction. The options.three_d_secure.required parameter defaults to true, unless you explicitly pass false to indicate that you are willing to accept the risk of transactions without a successful authentication.

result =
  :amount => "100.00",
  :payment_method_nonce => nonce_from_the_client,
  :options => {
    :three_d_secure => {
      :required => true

3D Secure information is lost when a 3D Secured payment_method_nonce is used outside of a call.

Vaulted credit card nonces

When creating a 3D Secure transaction with a vaulted card, the process is essentially the same as above – just use the payment method token associated with the vaulted card to create the payment method nonce.

result = Braintree::PaymentMethodNonce.create("PAYMENT_METHOD_TOKEN")
nonce = result.payment_method_nonce.nonce

Server-side details

Payment method nonces will include 3D Secure information such as liability_shifted and liability_shift_possible. This can be used for server-side risk checking before creating transactions.

result = Braintree::PaymentMethodNonce.find("nonce_string")
info = result.payment_method_nonce.three_d_secure_info
if info.nil?
  return # This means that the nonce was not 3D Secured

Transactions also expose 3D Secure info. This can be used for reporting on the details of a 3D Secured transaction after creating it.

transaction = Braintree::Transaction.find("the_transaction_token")
info = transaction.three_d_secure_info
if info.nil?
  return # This means that the nonce was not 3D Secured

Status codes

Here are the possible 3D Secure statuses and their liability shifts.

Status Liability Shifted Liability Shift Possible
"unsupported_card" false false
"lookup_error" false false
"lookup_enrolled" false true
"lookup_not_enrolled" false false
"authenticate_successful_issuer_not_participating" true true
"authentication_unavailable" false false
"authenticate_signature_verification_failed" false true
"authenticate_successful" true true
"authenticate_attempt_successful" true true
"authenticate_failed" false true
"authenticate_unable_to_authenticate" false true
"authenticate_error" false true

Server-side errors

A transaction result may contain a validation error when processing a 3D Secure transaction.

Additionally, if you specify that 3D Secure is required but the customer did not pass 3D Secure authentication or 3D Secure authentication was not attempted, the transaction will be rejected by the Braintree gateway. If the customer’s card is not enrolled in a 3D Secure program but the nonce was generated using verify3DS, then the transaction will not be rejected.

if result.transaction.gateway_rejection_reason == Braintree::Transaction::GatewayRejectionReason::ThreeDSecure
  # Ask for a new payment method

Advanced server-side options

We expose additional information about the authentication request that you can use for more advanced UI flows or risk assessment. You should be aware that making such assessments may result in accepting the liability for fraudulent transactions.

The required flag tells the Braintree gateway that you expect 3D Secure authentication to have succeeded on this transaction. This helps protect you against malicious users tampering with your front-end code and bypassing 3D Secure completely. Setting it to true is the safest option when you expect a transaction to include a 3D Secure authentication. This will only allow transactions to go through if authentication has been attempted and succeeded, or has been attempted and not been possible (in the case of cards not participating in 3D Secure).

The required flag may be changed on a per-transaction basis. We strongly recommend that you default to setting this to true; however, you do have the option of determining your own level of risk and pushing the transaction through regardless of its 3D Secure status by setting required to false.

Next: Testing and Go Live →

Still have questions?

If you can’t find an answer, contact our Support team.