EMV 3D Secure
3D Secure is designed to prevent fraud by allowing the card issuer to authenticate your customer before you process a payment.
QuickStream supports two options:
- QuickWeb: The card issuer performs the authentication on Westpac hosted pages.
- QuickStream REST API: The card issuer performs the authentication within your website.
Benefits of 3D Secure
The benefits of EMV 3D Secure are:
- Improved risk analysis - card issuers have the information they need to perform risk analysis.
- Make it easy for your customers to pay - customers who are judged low-risk enjoy a frictionless flow.
- Lower costs - less fraud and fewer chargebacks.
For more information, see:
How it works
- Your customer enters their card details.
- You send additional information through QuickStream to your customer's bank.
- If a challenge is required, your customer must pass the challenge before continuing.
- The payment is processed or card is stored in QuickStream.
What additional information is sent?
The additional information includes the customer's contact details, shipping address, and type of goods being purchased. This allows your customer's bank to decide if a challenge is required.
For a full list of fields, see 3D Secure Authentication in the QuickStream REST API.
What is a challenge?
A challenge allows your customer's bank to authenticate your customer. A challenge frame is displayed on your website. The customer enters information into the challenge frame. For example, their bank may send an SMS verification code and require the customer to type it in.
What is a frictionless flow?
In a frictionless flow, the customer does not need to complete a challenge.
How to implement EMV 3D Secure
To enable 3D Secure, you will need:
- a Westpac representative to enable this on your QuickStream facility,
- a software developer to make changes to your website.
QuickWeb
These steps assume you have already implemented a QuickWeb solution.
QuickStream performs 3D Secure authentication automatically when it is enabled for your facility.
To improve the chances of a frictionless customer experience with EMV 3D Secure, you must:
- Implement the Secure token hand-off, and
- Provide the Parameters for 3D Secure.
Trusted Frame and REST API
These steps assume you have already implemented a Trusted Frame solution. The sequence diagram below shows a high-level overview of the steps involved.
Step 1: Pre-authentication
To opt in to EMV 3D Secure, pass the option threeDS2 = true in the TrustedFrameConfigObject when you call quickstreamapi.creditCards.createTrustedFrame.
QuickStream will check if the card is enrolled in EMV 3D Secure.
When QuickStream sends the data.singleUseToken.singleUseTokenId back, check the field data.singleUseToken.creditCard.threeDS2AuthRequired.
| data.singleUseToken.creditCard.threeDS2AuthRequired | Next action |
|---|---|
| true | Send a 3D Secure Authentication request using the singleUseTokenId. |
| false | Process a payment or register an account using the singleUseTokenId. |
Step 2: Authentication
To authenticate the cardholder, your server must send a 3D Secure Authentication request using your Secret API key.
This allows you to pass information such as the customer's contact details, billing address, shipping address etc.
The response will contain a transStatus to indicate if you should:
- process a payment or register an account (A or Y), or
- present a challenge frame (C), or
- stop processing (any other value).
Step 3: Challenge
To present a challenge frame, call the JavaScript function quickstreamapi.creditCards.createChallengeFrame. QuickStream will send your site an updated transStatus to indicate if the customer has now passed the challenge.
Step 4: Process payment or register a card
If transStatus is A or Y after the authentication, you should send a request to:
Send the parameter threeDS2 set to true.
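The decision logic of Steps 1 to 4, as an added JavaScript example that is not QuickStream's own code. The function decideNextAction, the action strings and the flow object are hypothetical; the field names and transStatus values are those given above. Stopping on a missing field, or on a challenge that does not end in A or Y, is an assumption of this example.

```javascript
// Added example; decideNextAction, the action strings and the `flow` object
// are hypothetical. Field names and transStatus values are from the page.
const PROCEED = "PROCESS_OR_REGISTER";        // Step 4
const AUTHENTICATE = "SEND_AUTHENTICATION";   // Step 2
const CHALLENGE = "PRESENT_CHALLENGE_FRAME";  // Step 3
const STOP = "STOP";

// Only the exact values "A" and "Y" count as authenticated.
const isAuthenticated = (s) => s === "A" || s === "Y";

// flow = {
//   creditCard:           data.singleUseToken.creditCard from Step 1,
//   authTransStatus:      transStatus from the Step 2 response (if received),
//   challengeTransStatus: updated transStatus after Step 3 (if received)
// }
function decideNextAction(flow) {
  const required = flow.creditCard ? flow.creditCard.threeDS2AuthRequired : undefined;

  // Step 1: the table above. Anything other than a real boolean stops
  // (assumption of this example: fail closed on a missing field).
  if (required === false) return { action: PROCEED };
  if (required !== true) return { action: STOP };

  // Step 2: no transStatus yet means the authentication request is still due.
  if (flow.authTransStatus === undefined) return { action: AUTHENTICATE };
  // Step 4 after authentication: the request carries threeDS2 set to true.
  if (isAuthenticated(flow.authTransStatus)) return { action: PROCEED, threeDS2: true };
  if (flow.authTransStatus !== "C") return { action: STOP };

  // Step 3: C means a challenge frame; wait for the updated transStatus.
  if (flow.challengeTransStatus === undefined) return { action: CHALLENGE };
  if (isAuthenticated(flow.challengeTransStatus)) return { action: PROCEED, threeDS2: true };

  // Assumption: a challenge that does not end in A or Y is not retried.
  return { action: STOP };
}

// Constructed sample flows, one per branch.
const samples = [
  { creditCard: { threeDS2AuthRequired: false } },
  { creditCard: { threeDS2AuthRequired: true } },
  { creditCard: { threeDS2AuthRequired: true }, authTransStatus: "Y" },
  { creditCard: { threeDS2AuthRequired: true }, authTransStatus: "C" },
  { creditCard: { threeDS2AuthRequired: true }, authTransStatus: "C", challengeTransStatus: "Y" },
  { creditCard: { threeDS2AuthRequired: true }, authTransStatus: "N" },
  { creditCard: {} },
];
for (const s of samples) console.log(JSON.stringify(s), "->", decideNextAction(s).action);
```

The comparisons are strict, so a lowercase or misspelled status falls through to the stop branch rather than being treated as authenticated.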