During the payment, the 3D Secure protocol implies cardholder authentication.
The authentication occurs after the card detail entry and can be made:
- Without cardholder interaction (“frictionless”), in this case the cardholder is not explicitly invited to authenticate upon their payment;
- With cardholder interaction (strong authentication or “challenge”).
Each bank implements different authentication methods in case of strong authentication. Example:
- Authentication via mobile application;
The buyer receives a notification on their smartphone and authenticates him or herself via their bank’s mobile application by entering a secret code or using their biometric data. The buyer confirms the payment via the application, then returns to the merchant website.
- Authentication via a secret code.
The buyer receives a single-use code by SMS. The buyer enters this code on the authentication page to authenticate.
The payment gateway takes it upon itself to interact with the authentication server of the cardholder’s bank and retrieve the result to finalize the payment.