3D Secure

What is 3DS

3DS is a security protocol designed to protect online transactions by authenticating the cardholder before the purchase is made, thus reducing the risk of fraud.

3DS is a fraud protection mechanism for merchants that enhances security when accepting credit card payments.

3DS allows issuing banks to verify credit cardholders during the transaction process. This helps protect cardholders against fraud and transfers liability to merchants.

How does 3DS work?

3DS adds an additional layer of security to online credit and debit card transactions.

Typically, during payment, the cardholder accesses an authentication page on their bank's website and enters a password associated with the card or a code sent to their phone.

When a cardholder successfully authenticates, fraud liability shifts from the merchant to the cardholder, meaning the merchant is not responsible for such payments.

3DS stands for "three secure domains," where:

The first domain is the card issuer.
The second domain is the retailer receiving the payment.
The third domain is the 3DS infrastructure platform that acts as a secure third party for both the consumer and retailer.

A purchase with 3DS follows these steps:

The merchant's payment process collects client information such as billing, shipping, and card information, and sends the data for payment authorization.
DEUNA's or the merchant's payment service provider determines whether 3DS should be required for the payment.
If 3DS is required, the customer is automatically redirected to their bank's website to authenticate the payment. At that point, the bank may determine to authenticate the payment without requiring more information or may ask the customer to authenticate the payment by entering a unique code sent by the bank. Providing more customer information, such as billing and shipping, increases the likelihood that the bank will automatically authenticate the payment instead of requiring the customer to provide a unique code sent by the bank.
After authentication, the customer is automatically redirected to the merchant's website, at which point the payment is completed.

3DS Flow Diagram

Steps:

The buyer clicks a button on the merchant's site to pay for a purchase.
The merchant's website displays DEUNA's checkout.
The buyer enters credit card credentials and submits the payment.
DEUNA's system communicates with card associations (Visa/MasterCard/Others) to authorize the payment.
Card associations communicate with the card's issuing bank.
The card's issuing bank requests 3DS along with a URL for the buyer to use to authenticate the payment and sends an OTP directly to the buyer.
Card associations transmit that request to DEUNA along with the URL.
DEUNA's system returns the URL to DEUNA's checkout along with instructions to authenticate the payment.
DEUNA's payment uses the URL to display the bank's authentication page without having to leave the buyer's website.
The buyer authenticates the payment using the OTP that the bank sent directly to the buyer.
Control is returned to DEUNA's payment UX.
DEUNA's payment process then communicates with DEUNA's system to complete the payment and provides proof of authentication.
DEUNA's system reviews the information and communicates with card associations to complete the payment by providing proof of authentication.
Card associations complete the payment with the issuing bank by providing the issuing bank's information.

Benefits

Unified integration: A single integration point for 3DS across multiple acquirers
Consistent experience: Provides a consistent user experience for 3DS authentication
Higher conversion: Authentication flow optimization to improve conversion rates
Broad compatibility: Works with processors that accept externally generated 3DS values

📘
With our 3DS MPI you can transact either through a direct API integration, using the payment widget, or the payment link.

DEUNA's 3DS MPI

3DS MPI (3D Secure Merchant Plugin Interface) is a DEUNA solution that provides a 3D Secure authentication service independent of payment processors.

This functionality allows merchants to use a single 3DS provider across multiple acquirers, simplifying integration and improving user experience.

General flow with DEUNA's 3DS MPI

About the data collection process

In order to achieve a smoother and frictionless user experience, we collect data from their browser and device to make a more accurate decision about sending a challenge to the user or not. Specifically, we collect the following data:

The user's screen color depth
The user's browser "javaEnabled" property
The user's browser UI language
Screen dimensions
User's time zone
The browser's "user agent" value

Considerations when using DEUNA's 3DS MPI

3DS MPI configuration is specific per acquirer.
For transactions that fail for reasons other than 3DS, it might be necessary to restart the authentication process.

Processors that support 3DS MPI

Unlimit
Adyen
Amex
BAZ
MIT Bulk
Cybersource
Kushki
Worldpay

Currencies and countries supported by 3DS MPI

Currently, DEUNA 3DS supports only mexican pesos (mxn) for Mexico.

📘
More currencies will be eventually added to 3DS DEUNA.

Networks supported by 3DS MPI

DEUNA's 3DS MPI supports major card brands: mastercard, visa, and american express. To ensure compatibility with other brands, confirm with your DEUNA point of contact during the integration process

Required data to ensure proper functioning of 3DS MPI

Field Name	Type	Length	Comments
currency	string	3	ISO 3166-1 alpha-3
order.items.total_amount.amount	string	15 (max)
order.billing_address.address1	string	40 (max)
order.billing_address.state_name	string	3	ISO 3166-1 alpha-3
order.billing_address.country	string	2	Use a two-character ISO country code.
order.billing_address.city	string	50 (max)
order.billing_address.first_name	string	40 (max)
order.billing_address.last_name	string	40 (max)
order.billing_address.phone	string	15 (max)	The format should be "+{country_code}{phone_number}"
order.billing_address.email	string	255 (max)	Email format
order.billing_address.zipcode	string	9 (max)

3D Secure

What is 3DS