During the payment process, the 3-D Secure protocol requires the cardholder to be authenticated.
The authentication occurs after the card detail entry and can be made:
- Without cardholder interaction (“frictionless”): the cardholder is not explicitly asked to authenticate during their payment;
- With cardholder interaction (strong authentication or “challenge”).
Each bank uses different authentication methods for strong authentication. Examples:
- Authentication via mobile application:
  The buyer receives a notification on their smartphone and authenticates via their bank’s mobile application by entering a secret code or using their biometric data. They confirm the payment in the application, then return to the merchant website.
- Authentication via a secret code:
  The buyer receives a single-use code by SMS. They enter this code on the authentication page to authenticate.
The payment gateway handles the interaction with the authentication server of the cardholder’s bank and retrieves the result to finalize the payment.