What is 3DS 2.2 authentication?

Versions 2.0 and 2.1 of the 3DS protocol will be discontinued by the card networks.

Visa will no longer offer support for version 2.1 from September 25, 2024.

Mastercard will no longer offer support for version 2.1 from September 24, 2024.

In class mapping, send all required parameters to complete the integration with the latest version, 3DS 2.2.


What is 3DS authentication?

3DS is an authentication protocol that confirms whether the shopper is indeed the cardholder (for credit or debit payments). The goal of 3DS (also called EMV 3DS) is to prevent fraud in card-not-present (CNP) transactions.

Through 3DS, the carholder data is sent to the card networks and issuers, who will perform the authentication.

ℹ️

3DS stands for 3-D Secure Protocol and was developed by EMVCo, a technical body formed by the major card networks that creates specifications for the secure interoperability and acceptance of payments worldwide.

To perform the authentication, the merchant needs to send cardholder’s data to the card network through an intermediary service, the 3DS Server, which communicates with the card network. It is possible to use Cielo 3DS Server or an external 3DS Server.

If you use a 3DS Server external to Cielo for card authentication, you must inform the Cavv returned by your 3DS Server in the authorization request. For more information, skip to the Authorization with Authentication step.

Main benefits

  • The liability in case of a chargeback for an authenticated transaction lies with the issuer or the card network;
  • Easy integration via JavaScript;
  • Possibility of frictionless authentication;
  • Minimizes fraudulent transactions.

3DS protocol version 2.2

How to migrate to 3DS 2.2?

  • 3DS 2.2 is available and is mandatory for Visa and Mastercard.
  • Send all parameters marked as required in Class Mapping to migrate to 3DS 2.2. There are no new parameters (compared to 3DS 2.0).

Important:

  • A chargeback is a dispute of a debit or credit card purchase made by the cardholder when they do not recognize a particular purchase. 3DS authentication helps reduce the occurrence of chargebacks due to fraud, as the liability in case of a chargeback shifts to the issuer, not the merchant;
  • 3DS authentication is not a fraud analysis; to increase the security of your transactions, we recommend using 3DS Authentication and also a fraud analysis service, such as the Antifraude Gateway.

What kind of merchant can use 3DS?

Any online store can use 3DS as an extra layer of security for their transactions.

3DS authentication is mandatory for debit card transactions.

What are the requirements for using 3DS?

The e-commerce must meet the following requirements:

  • Be affiliated to Cielo acquirer;
  • Complete the technical integration of the authentication protocol;
  • Complete the technical integration of the debit and credit card payment (authorization).

When to use 3DS authentication?

3DS Authentication is mandatory for all debit card transactions and optional for credit card transactions.

How do I know if the transaction was authenticated?

This will depend on the result of the [ECI Table].

Does 3DS 2.2 authenticate the cardholder in recurring transactions?

  • The current integration authenticates the first transaction of a recurrence. In subsequent transactions, the chargeback liability remains with the merchant.
  • Recurring transactions with saved cards (CardToken) do not undergo authentication.
  • For recurring transactions, send all bpmpi_recurring parameters in the first transaction. In subsequent transactions, it is not necessary to send the bpmpi_recurring fields.

What are the types of cardholder authentication?

  • Frictionless authentication (silent authentication): when the issuer performs the authentication without the need for additional validation from the cardholder;
  • Challenge authentication: when the issuer needs to perform additional cardholder validation and presents a challenge, which can be the confirmation of a code sent by the bank app, SMS etc.

Is it possible to use an external MPI/3DS Server to create payments in the API E-commerce Cielo?

Yes. If the merchant is integrated with an authentication MPI external to Cielo, send the authentication result in the node Payment.ExternalAuthentication when creating a debit card or a credit card payment.