Payments is the core feature of every e-commerce application. And the safety of payment operations is the number one priority for payment gateway implementations.
What is 3D Secure?
3D Secure (standing for “Three Domain Secure”) is an additional fraud protection protocol designed and implemented firstly by Visa and then by MasterCard. It adds an additional step of verification during online transactions. If you run an e-commerce business and need a payment gateway on your website, remember that 3D Secure implementation is mandatory in the United Kingdom.
The three domains are:
The merchant’s bank
The cardholder’s bank
Payment processing infrastructure (Visa and MasterCard)
3D Secure allows each cardholder to create a unique password for their card. During the checkout process, the cardholder is redirected to a 3D Secure page where they validate the online purchase with this password.
Each payment gateway has its own 3D Secure protocol. This means that each gateway requires its own 3D Secure implementation. In this article we’ll cover SagePay’s 3D Secure implementation.
How Sage Pay’s 3D secure works
You can find detailed information about the whole 3D Secure process on SagePay’s page. We’ll give you the short version so you can better understand the implementation process.
Steps 1 and 2: After the shopper’s details have been acquired at the checkout and sent to SagePay, it sends a request to 3D Secure (step 1 - VEReq “Verification request”) to get confirmation if the shopper is registered with 3D Secure (step 2 - VERes “Verification response”).
Step 3: Next, SagePay sends to Spree all the information required to complete 3D Secure, along with the URL (ACSURL), which must be sent to shoppers so they can enter their 3D Secure password.
Steps 4 and 5: Shoppers are redirected to the 3D Secure page where they can enter the password (step 4 - PAReq “Password request”). The password is verified by 3D Secure and confirmation is sent to Spree’s site (step 5 - PARes “Password response”).
Step 6: The last step - Spree will send the result of the 3D Secure validation to Sage Pay.
We hope this article helped you to understand 3D secure and how it works on your Spree site. In the next part, you'll see 3D secure payment implementation from the technical point of view - a tutorial for developers. If you have any other questions about this kind of payment system, ask us in a comment. We'll be happy to answer!