# Implementing 3D Secure (3DS) for Fraud Prevention

## Overview
3D Secure (3DS) is an authentication protocol that adds an extra layer of security to online card transactions. As a Merchant of Record, 4Geeks Payments handles 3DS implementation, but understanding how it works and how to configure it is essential for optimizing approval rates and reducing fraud.
In this tutorial, you will:
- Understand how 3DS works
- Configure 3DS settings in 4Geeks Payments
- Handle 3DS authentication flows in your application
- Optimize 3DS for better conversion rates
- Monitor 3DS performance metrics
## What is 3D Secure?
3DS is a protocol developed by Visa and Mastercard that requires customers to complete an additional authentication step during checkout. The most common methods are:
- SMS OTP: One-time password sent via text
- Banking app approval: Customer approves in their bank’s app
- Biometric verification: Fingerprint or face recognition
### 3DS Versions
| Version | Description | User Experience |
|---|---|---|
| 3DS 1.0 | Legacy version, redirects to bank page | Clunky, high abandonment |
| 3DS 2.0 | Modern version, in-app authentication | Smooth, mobile-optimized |
| 3DS 2.2 | Latest version, risk-based authentication | Frictionless for low-risk transactions |
4Geeks Payments uses 3DS 2.2 by default, providing the best balance of security and user experience.
## Step 1: Configure 3DS Settings
- Log in to console.4geeks.io
- Navigate to Payments → Settings → 3D Secure
- Configure your 3DS preferences:
### 3DS Mode
| Mode | Description | Best For |
|---|---|---|
| Automatic (Recommended) | 3DS triggered only when required by issuer or risk rules | Most businesses |
| Always On | 3DS required for every transaction | High-risk industries |
| Off | No 3DS authentication | Low-risk, B2B transactions |
### Risk-Based Rules
Configure when 3DS should be triggered:
```
Trigger 3DS when:
├── Transaction amount > $500
├── Customer's first purchase
├── High-risk country
├── Unusual spending pattern detected
├── Card issuer requires it (mandated)
└── Velocity threshold exceeded (>5 transactions/hour)
```
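The rule list above expressed as a small evaluator you can run locally, for instance to unit-test a rule change before mirroring it in the console. This is an added example, not 4Geeks code: the transaction object shape, the `$500` threshold in cents and the placeholder high-risk country list are assumptions; only the rule names and the `'automatic'` / `'required'` values come from this page.

```javascript
// Added example (not 4Geeks code): evaluates the "Trigger 3DS when" rules.
// Thresholds mirror the page; the country set is a placeholder (assumption).
const RULES = {
  amountThresholdCents: 50000,        // "Transaction amount > $500"
  velocityLimit: 5,                   // ">5 transactions/hour"
  velocityWindowMs: 60 * 60 * 1000,
  highRiskCountries: new Set(['XX']), // placeholder: use your own list
};

// tx (assumed shape): { amountCents, currency, country, isFirstPurchase,
//   unusualPattern, issuerMandated, recentTxTimestamps: [ms], now: ms }
function evaluate3dsTriggers(tx, rules = RULES) {
  const reasons = [];
  if (tx.amountCents > rules.amountThresholdCents) reasons.push('amount_over_threshold');
  if (tx.isFirstPurchase) reasons.push('first_purchase');
  if (rules.highRiskCountries.has(tx.country)) reasons.push('high_risk_country');
  if (tx.unusualPattern) reasons.push('unusual_spending_pattern');
  if (tx.issuerMandated) reasons.push('issuer_mandated');

  // Velocity: count this customer's transactions inside the trailing window.
  const windowStart = tx.now - rules.velocityWindowMs;
  const recent = (tx.recentTxTimestamps || [])
    .filter((t) => t > windowStart && t <= tx.now).length;
  // The current attempt counts too: the 6th attempt in an hour exceeds 5.
  if (recent + 1 > rules.velocityLimit) reasons.push('velocity_exceeded');

  return { trigger: reasons.length > 0, reasons, mandated: Boolean(tx.issuerMandated) };
}

// Map the evaluation onto the three_d_secure value used by the charge API.
// Never fall back to 'off': an issuer mandate applies regardless of your rules.
function threeDSecureSetting(evaluation) {
  return evaluation.trigger ? 'required' : 'automatic';
}
```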
## Step 2: Handle 3DS in Your Application
### Using Payment Links (Simplest)
If you use 4Geeks Payment Links, 3DS is handled automatically:
```javascript
import axios from 'axios';

// Generate payment link with 3DS enabled.
// This request carries SECRET_KEY, so it must be made from your server;
// only the resulting URL is handed to the browser.
const response = await axios.post('https://api.4geeks.io/v1/payment-links', {
  amount: 9900,
  currency: 'USD',
  description: 'Premium Subscription',
  customer_email: 'customer@example.com',
  three_d_secure: 'automatic', // or 'required', 'off'
  success_url: 'https://yoursite.com/success',
  cancel_url: 'https://yoursite.com/cancel'
}, {
  headers: { 'Authorization': `Bearer ${SECRET_KEY}` }
});

// Redirect customer to the payment link;
// the 3DS challenge is handled automatically on the hosted page.
window.location.href = response.data.url;
```
### Using Direct API Integration
For custom checkout flows:
```javascript
import axios from 'axios';

// The calls that carry SECRET_KEY belong on your server, never in the browser;
// the browser only receives the challenge URL or the final result.

// Step 1: Create a charge with 3DS
const charge = await axios.post('https://api.4geeks.io/v1/charges', {
  amount: 9900,
  currency: 'USD',
  payment_method_id: 'pm_xxx',
  three_d_secure: {
    enabled: true,
    version: '2.2',
    challenge_indicator: 'no_preference' // or 'no_challenge_requested', 'challenge_requested'
  },
  return_url: 'https://yoursite.com/3ds-callback'
}, {
  headers: { 'Authorization': `Bearer ${SECRET_KEY}` }
});

// Step 2: Check if 3DS is required
if (charge.data.status === 'requires_action') {
  // Store charge.data.id with the order so the callback handler can look it up.
  // Step 3: Redirect customer to 3DS challenge
  const nextAction = charge.data.next_action;
  if (nextAction.type === 'redirect_to_url') {
    window.location.href = nextAction.redirect_to_url.url;
  } else if (nextAction.type === 'use_stripe_sdk') {
    // Handle in-app 3DS challenge (for mobile apps)
    handle3DSChallenge(nextAction.use_stripe_sdk);
  }
}

// Step 4: Handle the callback
// After 3DS completion, the customer is redirected to return_url.
// Do not trust the redirect itself: verify the charge status server-side.
const chargeStatus = await axios.get(
  `https://api.4geeks.io/v1/charges/${charge.data.id}`,
  { headers: { 'Authorization': `Bearer ${SECRET_KEY}` } }
);
if (chargeStatus.data.status === 'succeeded') {
  // Payment successful
  showSuccessPage();
} else if (chargeStatus.data.status === 'failed') {
  // Payment failed (customer failed 3DS or declined)
  showFailurePage(chargeStatus.data.failure_message);
}
```
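The decision logic from the direct integration above, pulled into pure functions so it can be unit-tested without network calls. This is an added example, not 4Geeks code: the `status`, `next_action`, `id` and `failure_message` fields follow this page, while the assumption that the fetched charge also echoes `amount` and `currency` is mine.

```javascript
// Added example (not 4Geeks code): Step 2's branching as testable functions.
// Field names follow the page; amount/currency on the charge are assumed.

// Decide what the checkout must do with a freshly created charge.
function nextStepForCharge(charge) {
  switch (charge.status) {
    case 'succeeded':
      // Frictionless: issuer approved with no challenge; fulfil after verify.
      return { action: 'complete' };
    case 'requires_action': {
      const na = charge.next_action || {};
      if (na.type === 'redirect_to_url' && na.redirect_to_url) {
        const url = na.redirect_to_url.url;
        let proto = '';
        try { proto = new URL(url).protocol; } catch { /* malformed URL */ }
        // Only follow an https challenge URL; anything else is an error.
        if (proto !== 'https:') return { action: 'error', reason: 'insecure_redirect_url' };
        return { action: 'redirect', url };
      }
      if (na.type === 'use_stripe_sdk') {
        return { action: 'in_app_challenge', payload: na.use_stripe_sdk };
      }
      // Unknown challenge type: fail closed rather than treating it as paid.
      return { action: 'error', reason: 'unsupported_next_action' };
    }
    case 'failed':
      return { action: 'fail', reason: charge.failure_message || 'declined' };
    default:
      // e.g. 'processing' or an unexpected value: re-check later, never fulfil.
      return { action: 'verify_later' };
  }
}

// On the return_url callback, never trust the redirect alone: re-fetch the
// charge server-side (GET /v1/charges/{id} with the secret key) and compare
// it with the order you stored before redirecting.
function verifyCallbackCharge(order, charge) {
  if (charge.id !== order.chargeId) return { ok: false, reason: 'charge_id_mismatch' };
  if (charge.status !== 'succeeded') return { ok: false, reason: 'status_' + charge.status };
  if (charge.amount !== order.amountCents || charge.currency !== order.currency) {
    return { ok: false, reason: 'amount_or_currency_mismatch' };
  }
  return { ok: true };
}
```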
## Step 3: Optimize 3DS for Conversion
### Frictionless Flow
3DS 2.2 supports frictionless authentication, in which the bank approves the transaction without customer interaction when risk is low:
```
Customer enters card details
        │
        ▼
4Geeks sends authentication request to issuer
        │
        ├── Low risk → Frictionless approval (no customer action needed)
        │
        └── Higher risk → Challenge required (customer completes 3DS)
```
### Optimization Tips
| Strategy | Impact |
|---|---|
| Use 3DS 2.2 (not 1.0) | +15-20% conversion rate |
| Enable frictionless flow | Reduces customer friction for low-risk transactions |
| Set appropriate risk thresholds | Balance security vs. conversion |
| Use exemption flags where applicable | Low-value transactions (<€30 in EU) |
| Monitor 3DS challenge rate | Aim for <30% challenge rate |
### Regional Considerations
| Region | 3DS Requirement | Notes |
|---|---|---|
| European Union | Mandatory (PSD2/SCA) | Exemptions available for low-value, recurring, trusted beneficiaries |
| United States | Optional but recommended | Card networks incentivize 3DS with liability shift |
| Latin America | Varies by country | Brazil and Mexico increasingly require 3DS |
| Asia Pacific | Growing adoption | India mandates 3DS (OTP-based) |
## Step 4: Monitor 3DS Performance
### Key Metrics
| Metric | Description | Target |
|---|---|---|
| 3DS challenge rate | % of transactions requiring customer challenge | <30% |
| 3DS success rate | % of challenged transactions that pass | >85% |
| Frictionless rate | % of transactions approved without challenge | >50% |
| 3DS abandonment rate | % of customers who abandon during 3DS | <10% |
| Fraud rate | % of transactions that are fraudulent | <0.5% |
### Access Reports
- Go to Payments → Analytics → 3D Secure
- View real-time dashboards for all 3DS metrics
- Filter by region, amount, and card type
- Export reports for analysis
## Best Practices

### Security
- Always enable 3DS for transactions above your risk threshold
- Use liability shift: 3DS shifts fraud liability from merchant to issuer
- Monitor fraud patterns: Adjust risk rules based on fraud trends
- Keep 3DS 2.2 updated: New versions improve both security and UX
### Conversion
- Use Automatic mode: Let the system decide when 3DS is needed
- Optimize checkout flow: Minimize steps before 3DS challenge
- Mobile optimization: Ensure 3DS works smoothly on mobile devices
- Clear messaging: Tell customers why they need to authenticate
### Compliance
- PSD2/SCA compliance: Required for EU transactions
- Exemption management: Apply exemptions where legally allowed
- Audit logging: Keep records of all 3DS authentication attempts
- Data retention: Follow local regulations for authentication data
## What's Next?
- Learn about Multi-Currency Checkout
- Explore Handling Refunds & Chargebacks
- Read about Tax Compliance as MoR
## Need Help?
- Documentation: docs.4geeks.io/en/payments
- API Reference: docs.4geeks.io/en/api
- Support: Available through the console dashboard
Still have questions? Ask the community.