Cardholder Authentication - 3D Secure


This article will take you through:

  1. What is 3D Secure?
  2. What is Strong Customer Authentication (SCA)?
  3. Authentication for once-off or recurring card payments
  4. How your clients authenticate payments 
  5. What happens if your client cannot find the email?
  6. What happens prior to the payment being authenticated?
  7. What happens if authentication fails? 
  8. Next steps and additional support

 

What is 3D Secure?

3D Secure is a tool provided by the major card schemes (Visa, Mastercard, etc.) that allows for the authentication of cardholders. It helps to fight fraud and make transactions more secure. 3D Secure is a global product offered by the card schemes, and Issuing banks around the world may choose to utilize it. In some regions, such as in Europe, there are regulations related to customer authentication that mandate the use of authentication tools such as 3D Secure. In these regions you should expect to see more 3D Secure authentication challenges occurring.

Oftentimes, 3D Secure authentication can be performed in a frictionless way with zero actions needed from the cardholder, but occasionally the cardholder’s bank may request them to complete an extra step to authenticate a payment, such as confirming it via their banking app or entering a one-time passcode the bank may have sent the cardholder by SMS. The decision on when this occurs, and the method of authentication requested, is entirely at the discretion of the cardholder’s bank.

Please note:

  • A client can be asked to authenticate a one-time payment or a recurring payment. With recurring payments, the client may be asked to authenticate either the first or a subsequent payment. This depends entirely on the client’s bank and it is not controlled by Glofox.
  • Your clients will receive an email to authenticate the payment. They will be asked to verify their identity with a push notification, a text message, or another method chosen by their bank.
  • The link in the email that the client uses to authenticate will expire, so it’s important that your client authenticates the payment ASAP. Again, the expiry time depends on the bank and can be anywhere between a few hours and a few days.
  • It is not possible to cancel a pending transaction that is waiting on authentication. If the link in the email expires, the user's payment will be marked as failed in Glofox.

 

What is Strong Customer Authentication (SCA)?

Strong Customer Authentication (SCA) is a requirement of an EU regulation (PSD2 – revised payment services directive) that came into effect on September 14, 2019. This requirement stipulates scenarios where cardholder authentication is mandatory. Due to the adoption of these regulations across the European Economic Area (including the UK), authentication is more likely to be requested by banks than in other regions around the globe. 

 

Authentication requests for one time or recurring card payments

As mentioned above, authentication requests are sporadic and are driven 100% by the cardholder’s bank. The client can be asked to authenticate different types of payments, for example:

  • A one time payment e.g. a product purchase
  • An initial subscription payment
  • Any subsequent subscription payment

When a charge is processed, the cardholder’s bank dictates whether authentication is required. If it is required for the online card payment, the cardholder will have to complete some additional steps after payment. The payment will show in your Glofox account as 'Awaiting authorization'.

You can see payments needing authentication in two places:

  • The ‘Transaction’ list in Reports
  • The ‘Transactions’ tab on the client profile

Transaction list

Transactions tab 

 

How your clients authenticate payments

When purchasing through the App or the Web Portal, the client will be shown a warning that the payment must be authenticated. There is a link which will take them to their email so that they can authenticate it.



If purchasing through the dashboard, once the card payment is processed, you will also be shown confirmation that the transaction is pending authentication.  

The client will also receive an email. The email contains a link to the 3D Secure approval page. Your client must click ‘Authorise payment’. The link will expire, so it’s important that your client takes action ASAP. 

They will then be taken to a page to complete the authentication. In most cases, these pages will show their bank's 3D Secure page in a pop-up but this depends on the bank that issued their card. They could also be asked to verify their identity with a push notification, a text message, or another method chosen by their bank.

The below video shows how the client will be asked to authenticate a payment via email and the 3D secure pop-up: 


 

What happens if your client cannot find the email?

If your client cannot find the email to authenticate, you can resend it to them from the ‘Transactions’ tab on the dashboard.

There is no limit to the number of times you can resend the email. If your client clicks 'Authorise' in the same email twice, they will see a message letting them know they have already authenticated this payment.

 

What happens prior to the payment being authenticated? 

  • For membership or add-on purchases - the membership will not be assigned until the authentication outcome is known.
  • For membership or add-on subsequent recurring cycles - the membership will remain locked until the authentication outcome is known.
  • For store purchases - if made through the dashboard the store purchase will not be fulfilled until the authentication outcome is known. If made through the App the purchase is fulfilled immediately. You should check all product collections to ensure payment has been successfully collected, before handing over the products.
  • For booking purchases - the member will immediately be booked in. You should review all bookings to ensure payment has been captured successfully and no transactions remain in a pending state.

 

What happens if authentication fails? 

If authentication fails, it can mean either:

  • The client didn’t authenticate the payment on time and the link expired
  • The client failed to authenticate the payment with their bank

If authentication fails:

  • For membership or add-on purchases – the membership will not be assigned. You can choose to write off this transaction to grant the member access to the membership. If you wish to capture payment from this member after this, you can use the Custom Charge functionality.
  • For membership or add-on subsequent recurring cycles – the membership will remain in a locked status. You can choose to write off this transaction to grant the member access to the membership. If you wish to capture payment from this member after this, you can use the Custom Charge functionality.
  • For store purchases – if made through the dashboard, the store purchase will not be fulfilled if authentication is unsuccessful. If made through the App, the purchase is fulfilled regardless of the authentication outcome, so you should check all product collections to ensure payment has been successfully captured.
  • For booking purchases – the member remains booked in. You should review all bookings to ensure payment has been captured successfully and no transactions remain in a pending state.

 

Next steps and additional support

For more information on payment processing, click here.

For additional support reach out to support@glofox.com and we will be happy to assist you. 

 
