3D Secure

3D Secure (Three Domain Structure), also known as payer authentication, is a security protocol that helps to prevent fraud in online credit and debit card transactions. This security feature is supported by Visa and Mastercard and is branded as ‘Verified by Visa’ and ‘Mastercard SecureCode’ respectively.

GPS uses Cardinal Commerce as our 3D Secure service provider. Cardinal and GPS provide a real-time 3D Secure enrolment and authentication service called Realtime Data eXchange (RDX). You can implement this service through GPS to ensure that your cardholders are successfully enrolled and authenticated using 3D Secure.

For more information, refer to the 3D Secure Guide.

Authentication Types

GPS supports a number of methods or types of authentication that can be used to further verify the cardholder during an online transaction made from a merchant’s website. These authentication types include:

| Authentication Type | Description |
| --- | --- |
| Risk-based authentication (RBA) | The authentication decision is made based on Cardinal rules, which generate a risk score that determines whether to approve or decline the transaction. This process is managed by Cardinal. |
| OTP SMS authentication | Cardinal generates a single-use One-Time Password (OTP). GPS sends the OTP in an SMS text message to the cardholder’s mobile phone number and the cardholder enters the OTP in the 3D Secure screen to authenticate the e-commerce transaction. |
| OTP Email authentication | Cardinal generates a single-use One-Time Password (OTP). GPS sends the OTP in an email to the cardholder’s email address. The cardholder enters the OTP in the 3D Secure screen to authenticate the e-commerce transaction. |
| Biometric authentication | Cardinal sends a biometric authentication request to GPS and we forward this to your systems. You need to verify the cardholder using your customer smartphone application, via biometric data, such as a fingerprint scan or face recognition, obtained from the cardholder’s mobile device. Your customer application manages the biometric verification and returns a response to GPS. |
| Out-of-band (OOB) authentication | Cardinal sends an authentication request to GPS and we forward this to your systems. You need to verify the cardholder using your customer in-app smartphone application; for example, by asking the user to enter a username and password. Your customer application manages the verification and returns a response to GPS. |

You can add multiple authentication types to each card that you enrol in the 3D Secure RDX service. You will need to create a separate call for each.


Documentation

For more information on 3DS, refer to the 3D Secure Guide.