3D Secure Payments In Spree. Part 1: What, Where, and Why

Photo of Pavel Averin

Pavel Averin

Updated Sep 28, 2023 • 3 min read

Payments is the core feature of every e-commerce application. And the safety of payment operations is the number one priority for payment gateway implementations.

What is 3D Secure?

3D Secure (standing for “Three Domain Secure”) is an additional fraud protection protocol designed and implemented firstly by Visa and then by MasterCard. It adds an additional step of verification during online transactions. If you run an e-commerce business and need a payment gateway on your website, remember that 3D Secure implementation is mandatory in the United Kingdom.

The three domains are:

  • The merchant’s bank
  • The cardholder’s bank
  • Payment processing infrastructure (Visa and MasterCard)

3D Secure allows each cardholder to create a unique password for their card. During the checkout process, the cardholder is redirected to a 3D Secure page where they validate the online purchase with this password.

Each payment gateway has its own 3D Secure protocol. This means that each gateway requires its own 3D Secure implementation. In this article we’ll cover SagePay’s 3D Secure implementation.

How Sage Pay’s 3D secure works

You can find detailed information about the whole 3D Secure process on SagePay’s page. We’ll give you the short version so you can better understand the implementation process.


Steps 1 and 2: After the shopper’s details have been acquired at the checkout and sent to SagePay, it sends a request to 3D Secure (step 1 - VEReq “Verification request”) to get confirmation if the shopper is registered with 3D Secure (step 2 - VERes “Verification response”).

Step 3: Next, SagePay sends to Spree all the information required to complete 3D Secure, along with the URL (ACSURL), which must be sent to shoppers so they can enter their 3D Secure password.

Steps 4 and 5: Shoppers are redirected to the 3D Secure page where they can enter the password (step 4 - PAReq “Password request”). The password is verified by 3D Secure and confirmation is sent to Spree’s site (step 5 - PARes “Password response”).

Step 6: The last step - Spree will send the result of the 3D Secure validation to Sage Pay.

We hope this article helped you to understand 3D secure and how it works on your Spree site. In the next part, you'll see 3D secure payment implementation from the technical point of view - a tutorial for developers. If you have any other questions about this kind of payment system, ask us in a comment. We'll be happy to answer!

P.S. If you're seeking the right payment gateways for your e-store, check out our list of payment service providers compatible with Spree.

Photo of Pavel Averin

More posts by this author

Pavel Averin

Tech and start-up world is Pavel's cup of tea. He draws inspiration from technology and business...
Lost with AI?  Get the most important news weekly, straight to your inbox, curated by our CEO  Subscribe to AI'm Informed

We're Netguru

At Netguru we specialize in designing, building, shipping and scaling beautiful, usable products with blazing-fast efficiency.

Let's talk business