3D Secure 2.0 Authentication Protocol (3DS2)
Understand 3DS2, the payment flow and the supported authentication channels.
3DS2 is an authentication protocol, the successor of 3DS1, that enables businesses and payment providers to send additional information (such as customer device or browser data) to verify the transaction's authenticity. This helps the customer's bank to evaluate the transaction for risk and decide on the payment flow.
- Razorpay offers 3DS2 support for international card payments only.
- Razorpay supports
This flow is activated if the bank determines that the transaction is from a trusted device and allows the payment to go through without any additional authentication from the customer. Currently, this would not be applicable in India for domestic payments as RBI mandates OTP-based authentication. For international payments, this flow is viable.
Razorpay supports the 3DS2 protocol on two authentication channels: browser and app/SDK.
Browser: All transactions, even those made from the native app are routed through the browser. This flow is available by default for all Standard and Custom Checkout users. No additional integration is needed.
App/SDK: Integrating with SDK increases the chances of higher success rates, especially for international transactions. It also offers a better user experience compared to the browser. Please contact
Given below is a diagram that explains the 3DS2 flow:
- 3DS2 provides an extra layer of security in card-not-present online transactions.
- It provides a better customer experience by improving customer reliability and trust.
- Businesses can choose to process all payments as browser payments even if they are initiated from your native app. Integrating the SDK and routing them as app-based payments provides a better customer experience and higher success rates for international payments.
- The 3DS2 protocol allows businesses to pass additional customer and device data to issuing banks to reduce payment authentication failures.
- As compared to 3D Secure 1, 3D Secure 2 introduces Frictionless authentication and Challenge authentication flow.
- With Frictionless authentication flow, the transaction is authenticated without any additional input from the customer.
- 3DS2 enhances internal risk procedures to assess and score each transaction in real time.
Was this page helpful?