Seguridad

Optimización 3DS

La optimización 3DS de Cardflo mejora la seguridad de las transacciones y las tasas de aprobación sin comprometer la experiencia del cliente. Aplicamos de forma inteligente los protocolos 3D Secure, equilibrando los requisitos de autenticación con los objetivos de conversión.

Nuestro sistema se adapta a los requisitos del emisor y a los perfiles de riesgo del comercio para un rendimiento óptimo.

Categoría
Seguridad
Capacidades
10
Disponible en
Todos los planes
Solicitar ahora

La visión general

3DS optimisation refers to the strategic management of 3-D Secure protocols to balance payment security with transaction throughput. While Strong Customer Authentication (SCA) is a regulatory requirement under PSD2 for European Economic Area transactions, its application elsewhere remains variable.

Merchants must navigate different versions of the protocol, primarily 3DS2, to utilise data-rich exchanges that facilitate frictionless authentication. This process sits between the gateway and the card schemes, acting as a verification layer before the authorisation request reaches the issuer.

Effective optimisation involves analysing issuer behaviour and risk signals to determine when a challenge is necessary. If mismanaged, 3DS can introduce latency or unnecessary friction, leading to basket abandonment.

By refining when and how these protocols are triggered, businesses may improve their authorisation rates while maintaining a robust defence against fraudulent activity and shifting the liability for chargebacks to the card issuer.

Cómo funciona

  1. Data gathering and risk analysis

    The system collects transaction metadata including the BIN, MCC, and device fingerprints. These variables are analysed against historical issuer performance to determine the likelihood of a frictionless flow.

    This initial stage ensures that the subsequent 3DS request contains sufficient data to satisfy the issuer's risk engine without requiring manual input.

  2. Protocol version selection

    The gateway identifies whether the issuer supports 3DS 2. 1, 2.

    2, or legacy versions. It prioritises the latest available version to enable biometric authentication and app-to-app redirection.

    This reduces the reliance on traditional SMS one-time passwords, which are known to have higher failure rates in mobile commerce environments.

  3. Exemption management and application

    Transaction Risk Analysis (TRA) or Low Value Payment (LVP) exemptions are applied where applicable under PSD2 frameworks. The system evaluates if the transaction meets the criteria to bypass a challenge entirely.

    This technical request is sent to the acquirer, who then communicates the exemption preference to the issuer.

  4. Dynamic challenge handling

    If the issuer requests a challenge, the platform manages the user interface transition to ensure the authentication frame loads correctly. It monitors for timeouts or refusal codes during this phase.

    If a technical failure occurs, the system can attempt a fallback or log the specific refusal reason for analysis.

Por qué importa

Reduction in checkout friction

Excessive authentication requests often lead to customer drop-off at the final stage of the purchase. By intelligently applying exemptions and favouring frictionless flows, merchants can minimise the number of steps a customer must take.

This is particularly relevant for repeat transactions where a Merchant Initiated Transaction (MIT) or a trusted beneficiary status may be applicable under current regulations.

Liability shift and fraud protection

Correctly implemented 3DS protocol usage typically shifts the financial liability for fraud-related chargebacks from the merchant to the issuer. Even when a frictionless flow is granted, the merchant generally remains protected.

This mechanism is a critical component of risk management for high-growth businesses operating in sectors with historically higher dispute rates or lower margins.

Authorisation rate improvement

Issuers are increasingly likely to decline transactions that do not have associated 3DS data, citing security concerns or regulatory non-compliance. Optimisation ensures that the issuer receives the specific data points they require to approve the transaction.

By aligning with issuer preferences, merchants can reduce the frequency of soft declines and improve the overall success rate of their payment processing.

Casos de uso

Subscription and recurring billing

Managing the initial setup of a recurring payment using 3DS to establish a secure mandate. Subsequent cycles are processed as Merchant Initiated Transactions, avoiding further challenges while maintaining compliance with relevant payment services directives.

High-value electronic goods

Applying mandatory 3DS challenges for transactions above a specific currency threshold or risk score. This ensures that expensive orders are fully authenticated, protecting the merchant from significant financial loss due to friendly fraud or stolen credentials.

Cross-border e-commerce

Adjusting 3DS strategies based on the geographic location of the issuer. For example, applying strict SCA protocols for EEA-based cards while using a more relaxed, conversion-orientated approach for regions where 3DS adoption is not a regulatory mandate.

Mobile application payments

Utilising 3DS2 to enable native biometric authentication such as FaceID or fingerprint scanning. This creates a smoother user experience compared to browser-based redirects, which often perform poorly on mobile devices and lead to session timeouts.

En cifras

70–80%
Frictionless Authentication Rate

This is a typical range observed for merchants using advanced data sharing and exemption strategies within regulated markets, although individual results vary by sector.

2–5%
Authorisation Uplift

Industry benchmarks suggest this range of improvement in approval rates when moving from legacy 3DS1 to optimised 3DS2 protocols due to better issuer data.

<2s
Authentication Latency

Modern 3DS server responses are typically expected within this timeframe to ensure the user experience remains stable during the transition between the merchant site and the issuer.

Ready to route with Optimización 3DS?

Talk to our team about a live rollout on your acquiring stack.

Solicitar ahora

Lo que obtienes con Optimización 3DS

  • Aplicación inteligente de 3D Secure para reducir la fricción.
  • Configuración dinámica de reglas 3DS, según el riesgo de la transacción.
  • Optimización del versionado 3DS (por ejemplo, 3DS2) para el soporte del emisor.
  • Integración perfecta con múltiples proveedores de 3DS.
  • Mejora de las tasas de aprobación mediante una gestión estratégica del desafío 3DS.
  • Informes detallados sobre el rendimiento 3DS y las tasas de abandono.
  • Manage the liability shift for fraud-related disputes according to card scheme rules.
  • Support app-to-app redirection for modern mobile banking authentication workflows.
  • Configure custom rules for challenge triggers based on MCC or transaction value.
  • Integrate with multiple 3DS Server providers to ensure high availability and redundancy.
See Optimización 3DS on your acquiring stack.

A short scoping call, then a written plan for your MIDs.

Solicitar ahora

Preguntas sobre Optimización 3DS

¿Qué es la optimización 3DS?

La optimización 3DS implica la aplicación estratégica de la autenticación 3D Secure a las transacciones de pago. El objetivo es reducir el fraude minimizando la fricción del cliente y mejorando las tasas de aprobación al decidir de forma inteligente cuándo y cómo desafiar una transacción.

¿Cómo afecta la optimización 3DS a las tasas de conversión?

Al utilizar 3DS de forma selectiva e inteligente, Cardflo ayuda a reducir los desafíos innecesarios.

Esto minimiza el abandono durante el proceso de compra, lo que se traduce en una mejora de las tasas de conversión, al tiempo que se mantiene una fuerte seguridad en las transacciones.

¿Es compatible la optimización 3DS con todos los métodos de pago?

La optimización 3DS de Cardflo se aplica principalmente a los pagos con tarjeta que admiten protocolos 3D Secure, como Mastercard, Visa y American Express. Nuestro sistema está diseñado para integrarse con varios sistemas de tarjetas para una cobertura integral.

What happens if an issuer does not support the latest version of 3DS?

The optimisation logic should include a fallback mechanism. If an issuer does not support 3DS2, the system should ideally attempt to use 3DS1 or proceed without authentication if the risk profile allows and regulations permit.

However, 3DS1 is being phased out by major card schemes like Visa and Mastercard. If no version is supported, the transaction may be processed as a non-3DS payment, though this carries higher risk and may be rejected by the issuer's security systems.

How do SCA exemptions work within the context of 3DS optimisation?

Under PSD2, certain transactions may be exempt from Strong Customer Authentication. Common exemptions include low-value payments (under €30), recurring transactions after the initial setup, and payments to trusted beneficiaries.

A merchant can request these exemptions via their PSP or gateway. The issuer, however, has the final decision on whether to accept the exemption or demand a challenge.

Optimisation involves correctly flagging these requests to increase the probability that the issuer will allow the transaction to proceed without a challenge.

Does 3DS2 work equally well on all mobile devices and browsers?

While 3DS2 is designed to be mobile-compatible, performance can vary based on the implementation and the cardholder's banking app. Technical issues like iframe blocking, cookie restrictions in modern browsers, or poor app-to-app redirection can cause failures.

3DS optimisation includes monitoring these technical signals and adjusting the implementation to ensure the authentication interface renders correctly across the widest possible range of hardware and software configurations.

How is the success of a 3DS optimisation strategy measured?

Success is primarily measured by the authentication success rate, the frictionless flow rate, and the subsequent authorisation rate. Merchants should also monitor the '3DS abandonment rate', which tracks customers who reach the authentication stage but do not complete it.

A successful strategy will show a high percentage of frictionless approvals and a low rate of abandonment, indicating that security measures are not significantly hindering the customer journey.

Empezar

¿Listo para la velocidad?

Cuéntanos sobre tu negocio. Te pondremos en contacto con los socios adquirentes y la ruta adecuada, normalmente en una semana.

Solicitar ahora
Solicitar ahora