Skip to main content

3D Secure overview

3-D Secure (3DS) is a protocol designed to be an additional security layer for online transactions. During the checkout process, the customers are required to complete an extra authentication step to verify the cardholder's identity, which reduces fraud and meets regulatory requirements.

How it works#

3DS allows the merchant to challenge its customers by asking them to perform an action that only cardholders are able to complete. Based on different mechanisms, the challenge can have different formats:

  • The cardholder goes through a frictionless flow where Revolut sends information about the device being used. This might be enough for the issuing bank to approve the payment. This format is called Fingerprint.
  • The cardholder is asked to provide a one-time password (OTP) sent to their phone, which is registered with their bank account. This is the usual format of the challenge.
  • The cardholder is asked to verify the transaction using their card bank application. This is a more modern and common format.

Benefits#

Payments that are successfully authenticated using 3DS are covered by a liability shift, which means that the liability of the payment in case of fraud is with the issuing bank and not with you as a merchant.

In case of a chargeback for a payment where 3DS was used, by default the cardholder’s bank is responsible and liable to refund this amount to the cardholder.

caution

As a merchant, using 3DS for payment authentication does not mean that you are immune to any disputed payments.

Our 3DS solution#

The Payments Services Directive (PSD2) regulations stipulate that merchants must be compliant with the Strong Customer Authentication (SCA) procedures from 1st January 2021. The Financial Conduct Authority FCA has extended the deadline for the UK to 14th September 2021.

To ensure your safety as a merchant and to protect cardholders from having their stolen cards being used without their knowledge, Revolut performs a 3DS challenge when needed when a card payment is being made. This also ensures that you don't have to worry about being compliant with PSD2, Revolut takes care of it for you.

Was this section helpful?