3D Secure (3DS) is an authentication protocol for online card payments developed by major card networks. It reduces the risk of fraud by ensuring the card is used by its true holder through multi-factor authentication.
Note – Separate from SCA on Owners
This article discusses 3DS and how it addresses the SCA requirements during card pay-in flows.
Mangopay’s SCA on Owners feature addresses the same regulatory requirements but on other actions.
This protocol involves the following actors:
The 3DS2 protocol benefits all the actors of an online transaction. It contributes to:
The second version (3DS2) facilitates strong customer authentication (SCA) to meet the regulatory technical standards of the European Union’s revised Payment Services Directive (PSD2).
In the pay-in scope, the regulations apply SCA to card transactions that are:
At Mangopay, this means that your platform needs to be ready to redirect the user for 3DS on the following card API calls:
SCA doesn’t apply on card authorizations in some cases:
Platforms can process MOTO transactions with Mangopay by setting the `PaymentCategory` parameter to `TelephoneOrder` (otherwise `ECommerce` by default). The feature requires activation by Mangopay and is available on the following endpoints:
Caution - Liability with platform for MOTO transactions
Because SCA does not apply to MOTO transactions, they are inherently less secure and liability is always with the platform in case of chargeback.
When the platform’s app or website starts processing the payment, the following flows can be triggered:
is required: the platform redirects the end user to the payment page for SCA. This step is mandatory for the payment to succeed.
Based on the data sent by the platform, the card issuer identifies the transaction as low risk and does not require SCA. Such cases are called exemptions.
3DS is triggered when:
`SecureMode` parameter of the pay-in to `FORCE`.
`SecureMode` parameter to `FORCE`. This may be because the transaction amount exceeds the platform’s or due to Mangopay’s analysis of the fraud risk.
`SecureMode` value or if the parameter is not present.
Caution - The issuer decides when SCA is applied on pay-ins
Regardless of the requested flow, the final decision to apply SCA or not rests with the issuer in a pay-in scenario.
In other words, you can set the `SecureMode` parameter to `FORCE` and end up being exempted from SCA, or request an exemption and still have SCA applied.
For more information about how to handle 3DS redirection, see:
Learn how to process a card payment
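Because the issuer has the final say, the platform should branch on what the pay-in response contains rather than on the `SecureMode` it requested. The following is an added example, not code from Mangopay: the response field names `Status` and `SecureModeRedirectURL` do not appear on this page and are assumed here, the redirect host allow-list is a placeholder, and the sample responses are constructed.

```python
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Placeholder allow-list: hosts the platform accepts for the 3DS redirect.
ALLOWED_REDIRECT_HOSTS = {"3ds.psp.example"}

def next_step(payin: dict) -> Tuple[str, Optional[str]]:
    """Pick the next action from the pay-in response (assumed field names)."""
    status = payin.get("Status")
    redirect_url = payin.get("SecureModeRedirectURL")

    if status == "FAILED":
        return ("failed", None)

    if redirect_url:
        # SCA was applied: only send the user to an HTTPS URL on an expected
        # host, so a tampered response cannot become an open redirect.
        parts = urlsplit(redirect_url)
        if parts.scheme != "https" or parts.hostname not in ALLOWED_REDIRECT_HOSTS:
            return ("reject_redirect", None)
        return ("redirect", redirect_url)

    if status == "SUCCEEDED":
        # No redirect and success: the issuer granted an exemption.
        return ("done", None)

    # Neither final nor redirectable: wait for the final status.
    return ("pending", None)

# Constructed responses covering both outcomes named in the caution above.
FORCE_BUT_EXEMPTED = {"SecureMode": "FORCE", "Status": "SUCCEEDED",
                      "SecureModeRedirectURL": None}
EXEMPTION_REQUESTED_BUT_SCA = {"SecureMode": "DEFAULT", "Status": "CREATED",
                               "SecureModeRedirectURL": "https://3ds.psp.example/challenge?id=abc"}
UNEXPECTED_HOST = {"SecureMode": "FORCE", "Status": "CREATED",
                   "SecureModeRedirectURL": "https://login.attacker.example/challenge"}

if __name__ == "__main__":
    for sample in (FORCE_BUT_EXEMPTED, EXEMPTION_REQUESTED_BUT_SCA, UNEXPECTED_HOST):
        print(sample["SecureMode"], "->", next_step(sample))
```
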
Note – Different from exemptions applied by Mangopay during SCA on Owners
This section discusses the SCA exemptions that may be applied by issuers during card authorization. In a pay-in scenario, Mangopay requests exemptions from the issuer on behalf of your platform, but it is the issuer that has the final say on applying the exemption.
The exemptions allowed by the regulations and applied by Mangopay during its own SCA authentication features are not the same.
Acquirers like Mangopay may request exemptions to SCA for some . These exemptions are based on the transactional data collected thanks to 3DS2. Issuers can then either:
Note - No exemption for recurring pay-ins (CIT)
SCA is always applicable for CITs when making a recurring pay-in.
Exemptions:
On pay-ins, the following transaction types may be exempted from SCA if accepted by the issuer:
Low-amount transactions | Transactions under €30 may be exempted until they reach one of the following limits: These limits have no timeframe, and transactions with any payment service provider (PSP) count towards the limits. Note: Amounts considered as low can vary depending on the bank, currency, and Mangopay’s internal rules to ensure a smooth and secure experience. |
---|---|
Low-risk transactions | Transaction risk analysis (TRA) tools of PSPs allow the regulatory technical standards to define reference fraud rates under which certain transaction amounts may be exempted. The following are considered low risk: |