3D Secure (3DS)

3DS is a security protocol that helps prevent fraud in online credit and debit card transactions. 3D stands for the three domains that interact using the protocol: the merchant or acquirer domain, the issuer domain, and the interoperability domain.

How 3DS works

When a customer makes a purchase online, the merchant's website sends a request to the cardholder's bank to authenticate the transaction. The bank then sends a request to the cardholder to verify their identity. The cardholder can verify their identity by entering a password, a one-time code, or using biometric authentication.

If the cardholder successfully authenticates the transaction, the bank sends a response back to the merchant, and the transaction is completed. If the cardholder fails to authenticate the transaction, the transaction is declined.

Benefits of 3DS

3DS provides the following benefits for merchants and cardholders:

  • Reduce fraud: Prevent unauthorized transactions and reduce the risk of fraud.
  • Chargeback protection and liability: Shift liability for chargebacks from the merchant to the cardholder's bank, reducing the financial risk for merchants.
  • Increase approval rates: Increase approval rates for transactions by providing an additional layer of security.
  • Enhance customer trust: Help build trust with customers by providing an extra layer of security for online transactions, and provide peace of mind when making online purchases.
  • Regulatory compliance: Comply with regulations and industry standards for online transactions, reducing the risk of fines and penalties.
  • Global acceptance: 3DS is widely accepted by banks and card networks around the world.
  • Reduced fraud-related costs: Reduce fraud-related costs for merchants by preventing unauthorized transactions.

Configure 3DS

This process describes how to configure 3DS on a payment gateway in Rebilly.

  1. Log in or sign up to Rebilly.

  2. In the left navigation bar, press Settings.

  3. In the Configuration section, press Gateway accounts.

  4. In the list of gateway accounts, select a gateway account.
    If you are using the sandbox environment and have not set up a gateway account yet, select TestProcessor.

  5. In the top right of the page, press Edit gateway account.

  6. In the Advanced configuration section, turn on the Advanced configuration toggle.

  7. In the 3D secure section, select the Activate 3D Secure checkbox.

  8. In the 3D server dropdown, select ThreeDSecureIO3dsServer. This option uses the Rebilly 3DS provider (3DSecure.io). This server can be used in both live and sandbox environments.

  9. To enter the 3D Secure provider settings, select one of the following options:

    At a minimum, you must enter details for Visa and Mastercard.

    Use test details

    Use this process to test 3DS.

    1. Depending on which payment cards you would like to test using 3DS, select from the following:

      Visa
      1. In the Acquirer merchant ID Visa field, enter test-visa.
      2. In the Merchant acquirer BIN Visa field, enter 411111.
      Mastercard
      1. In the Acquirer merchant ID Mastercard field, enter test-mastercard.
      2. In the Merchant acquirer BIN Mastercard field, enter 555555.
      American Express (AMEX)
      1. In the Acquirer merchant ID AMEX field, enter test-amex.
      2. In the Merchant acquirer BIN Amex field, enter 378282.
      Discover
      1. In the Acquirer merchant ID Discover field, enter test-discover.
      2. In the Merchant acquirer BIN Discover field, enter 601111.
      JCB
      1. In the Acquirer merchant ID JCB field, enter test-jcb.
      2. In the Merchant acquirer BIN JCB field, enter 305693.
    2. In the Merchant name field, enter your merchant name.

    3. In the Merchant country dropdown, select a country.

    4. In the Merchant URL field, enter the URL of your website. Example: https://www.example.com.

    5. In the Transaction type dropdown, select Goods/Service purchase.

    6. Clear the Use 3DS for merchant-initiated transactions checkbox. This option is used for transactions initiated by the merchant, such as recurring payments. It is not applicable for the test information you entered in this section.

    7. Do not select a 3RI type.
      This option is only used when the Use 3DS for merchant-initiated transactions checkbox is selected.

    8. At the bottom of the screen, press Save gateway account.

    Use your merchant details

    Use this process to configure 3DS with your merchant information.

    To use the Rebilly 3DS provider (3DSecure.io), you must obtain the following merchant information from your payment gateway:

    • Acquirer Merchant Identification Number (MID) for both Visa and Mastercard.
    • Acquirer Bank Identification Number (BIN) for Visa (automatic enrollment).
    • Acquirer BIN for Mastercard (manual enrollment).
    • Merchant name.
    • Merchant country.
    • Merchant URL.

    Mastercard enrollment must be initiated by the acquirer, and the acquirer must enroll the specific acquirerBIN and acquirerMerchantID into their system. Enrollment is completed by the acquirer using the Mastercard Connect ISSM tool. If required, Rebilly can provide all PCI DSS and PCI 3DS certification documentation. For assistance, contact Rebilly support.

    If you have your merchant information from your acquirer, complete the following:

    1. Depending on which payment cards you would like to use with 3DS, select from the following:

      Visa
      1. In the Acquirer merchant ID Visa field, enter your acquirer merchant ID for Visa.
      2. In the Merchant acquirer BIN Visa field, enter your acquirer BIN for Visa.
      Mastercard
      1. In the Acquirer merchant ID Mastercard field, enter your acquirer merchant ID for Mastercard.
      2. In the Merchant acquirer BIN Mastercard field, enter your acquirer BIN for Mastercard.
      American Express (AMEX)
      1. In the Acquirer merchant ID AMEX field, enter your acquirer merchant ID for AMEX.
      2. In the Merchant acquirer BIN Amex field, enter your acquirer BIN for AMEX.
      Discover
      1. In the Acquirer merchant ID Discover field, enter your acquirer merchant ID for Discover.
      2. In the Merchant acquirer BIN Discover field, enter your acquirer BIN for Discover.
      JCB
      1. In the Acquirer merchant ID JCB field, enter your acquirer merchant ID for JCB.
      2. In the Merchant acquirer BIN JCB field, enter your acquirer BIN for JCB.
    2. In the Merchant name field, enter your merchant name.

    3. In the Merchant country dropdown, select a country.

    4. In the Merchant URL field, enter the URL of your website. Example: https://www.example.com.

    5. In the Transaction type dropdown, select the type of transactions you want to process using 3DS.

    6. Optionally, to decline transactions if the customer's bank does not support 3DS, select the Decline not enrolled checkbox.

    7. Clear the Use 3DS for merchant-initiated transactions checkbox.
      This option is for merchant-initiated transactions, such as recurring payments. For more information about 3DS and merchant-initiated transactions, contact Support.

    8. At the bottom of the screen, press Save gateway account.

  10. Optionally, to test your 3DS configuration:

    Create a new customer and a test transaction
    1. In the left navigation bar, press Data tables, then press Customers.
    2. In the top right of the screen, press Add customer.
    3. Enter the test customer's details, then press Save customer.
    4. In the right of the screen, press , then press Collect payment.
    5. Enter the amount and add a description for the payment.
    6. Select the Pay with Rebilly hosted payment form option, and press Submit.
    7. Press Copy URL and open the URL in a browser.
    8. In the payment card number field, enter 4111111111111111. Use a future expiration date, and any valid CVV.
    9. Press Continue, then press Confirm.

    In the response, an approvalUrl value is returned. At the URL, simulate the different outcomes of the challenge flow in a 3DSecure.io sandbox environment. To test different 3DS flows, use the last four digits from 3dsecure.io to generate a card number that passes the Luhn check. For more information, see 3DS browser tests.

    Alternatively, select from the following predefined card numbers to test 3DS outcomes:

    Card brand    Number              Outcome
    Visa          4111111111111111    Manual challenge
    Mastercard    5555555555554444    Frictionless flow, authenticated
    Visa          4000000000000002    Frictionless flow, not authenticated
    Mastercard    5105105105105100    Frictionless flow, not authenticated

    For more information on how to test 3DS, see Test a 3DS challenge flow and Test a generic 3DS flow.
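
The card-number step above, as an added example (not Rebilly or 3DSecure.io code): it builds a 16-digit sandbox number that ends in a chosen four-digit suffix and still passes the Luhn check. The 411111 prefix is the test BIN used on this page; the suffix 1111 and the function names are constructed for illustration, and the real suffixes come from the 3dsecure.io test documentation.

```javascript
// Standard Luhn validation: walking from the rightmost digit, double every
// second digit, subtract 9 from results above 9, and require sum % 10 === 0.
function luhnValid(number) {
  if (!/^\d+$/.test(number)) return false;
  let sum = 0;
  for (let i = 0; i < number.length; i++) {
    let d = Number(number[number.length - 1 - i]);
    if (i % 2 === 1) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

// prefix:   leading digits (assumption: a sandbox test BIN such as 411111).
// lastFour: suffix that selects the sandbox scenario (constructed value below).
// Normally the last digit is the Luhn check digit. Here the last four digits
// are fixed, so the digit just before the suffix is used as the balancing
// digit instead: exactly one value 0-9 in that position makes the sum valid.
function testCardWithSuffix(prefix, lastFour, length = 16) {
  if (!/^\d+$/.test(prefix) || !/^\d{4}$/.test(lastFour)) {
    throw new Error("prefix must be digits and lastFour exactly four digits");
  }
  const fillerLen = length - prefix.length - 4 - 1;
  if (fillerLen < 0) throw new Error("prefix too long for requested length");
  const filler = "0".repeat(fillerLen);
  for (let d = 0; d <= 9; d++) {
    const candidate = prefix + filler + d + lastFour;
    if (luhnValid(candidate)) return candidate;
  }
  throw new Error("no balancing digit found"); // not reachable for digit input
}

// Constructed sample: test BIN from this page, placeholder suffix "1111".
const sampleCard = testCardWithSuffix("411111", "1111");
console.log(sampleCard, luhnValid(sampleCard));
```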

3DS flow

This process describes the flow of a 3DS transaction between a merchant, a cardholder, and the cardholder's bank:

  1. Authentication request: The merchant sends an authentication request to the cardholder's bank.
  2. Cardholder authentication: The cardholder authenticates the transaction using a password, one-time code, or biometric authentication.
  3. Transaction response: The bank sends a response back to the merchant, indicating whether the transaction was authenticated or declined.
  4. Transaction completion: If the transaction is authenticated, the transaction is completed. If the transaction is declined, the cardholder is prompted to try again or use a different payment method.

3DS internal flow

This process describes the internal flow between a payment gateway that is using 3DS and Rebilly.

  1. A transaction is created and 3DS is enabled on the selected payment gateway. Rebilly returns the approvalUrl and the transaction with a status of waiting-approval and a result of unknown.
  2. Rebilly detects when the customer is redirected to the approvalUrl. When this occurs, the transaction status is set to offsite and the result is set to unknown. Rebilly does not redirect the customer to the approvalUrl; that must be done by whoever is calling the API.
  3. After a successful 3DS flow that triggers the call to the payment gateway, the customer is redirected back to Rebilly.
  4. Rebilly receives the response from the payment gateway. The transaction status is set to completed and the result is set to approved or declined.
  5. The customer is redirected back to the redirectUrl.

To view all transaction result and status values, see status and result.
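
The internal flow above, as an added example (not Rebilly SDK code) of how an API caller can gate order fulfilment on the transaction's status and result rather than on the customer arriving at the redirectUrl, since approved and declined customers are both redirected there. The transaction object shape, the action names, and the function names are assumptions of this example; only the status and result values come from this page.

```javascript
// Status/result pairs named in the flow above, in order. Other values exist
// in the API; this example treats anything else as unexpected (assumption).
const FLOW = [
  { status: "waiting-approval", results: ["unknown"] },
  { status: "offsite", results: ["unknown"] },
  { status: "completed", results: ["approved", "declined"] },
];

// Decide what the API caller should do with a transaction.
// `tx` is a constructed shape: { status, result, approvalUrl }.
function nextAction(tx) {
  const step = FLOW.find((s) => s.status === tx.status);
  if (!step || !step.results.includes(tx.result)) return "hold-for-review";
  if (tx.status === "waiting-approval") {
    // Rebilly does not redirect the customer; the API caller must do it.
    return tx.approvalUrl ? "redirect-to-approvalUrl" : "hold-for-review";
  }
  if (tx.status === "offsite") return "wait"; // customer is still in 3DS
  return tx.result === "approved" ? "fulfil" : "offer-retry";
}

// Check that a series of observed states only moves forward through the flow
// and never contains a status/result pair the flow does not describe.
function isValidProgression(states) {
  let last = -1;
  for (const s of states) {
    const idx = FLOW.findIndex(
      (f) => f.status === s.status && f.results.includes(s.result)
    );
    if (idx === -1 || idx < last) return false;
    last = idx;
  }
  return true;
}

// Handler for the customer's arrival at redirectUrl. `currentTx` must be the
// transaction as fetched server-side at that moment, not query-string data.
function onReturnToRedirectUrl(currentTx) {
  return nextAction(currentTx) === "fulfil";
}
```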

Test 3DS

To verify your 3DS configuration is working correctly, see Test a 3DS challenge flow and Test a generic 3DS flow.