3DS and Strong Customer Authentication

3D Secure is an authentication protocol to improve the exchange of online transaction data and protect consumers. It helps merchants meet the EU’s Strong Customer Authentication (SCA) requirements in place since 2019.

The importance of 3D Secure

With the European Union’s Strong Customer Authentication (SCA) standards now mandatory for all online transactions in Europe, card issuers and banks must implement two-factor authentication for all card payments. Part of the EU’s Payment Security Directive 2 (PSD 2) regulations, SCA is intended to better protect consumers from fraud and abuse, and applies whenever an EU-based shopper makes a payment.


While some exemptions apply, merchants shouldn’t rely on these exemptions when it comes to accepting online payments in Europe. By adhering to the most secure flows, merchants can ensure the highest approval rates and reduce the risk of a transaction being declined due to non-compliance.


Under the previous regulations governing payment security in Europe, a protocol known as 3D Secure 1.0 was used in order to verify digital payments. With the new regulations, 3D Secure 2.0 is an updated version of the protocol that makes it easier to collect and process customer payment information in accordance with SCA requirements.

3D Secure 2.0 and your business

Here’s how PayU helps merchants maintain high payment security standards and comply with the latest SCA requirements.
3D Secure merchant capabilities PayU main image 1440x650

How PayU helps merchants with 3D Secure implementation and SCA compliance


Implementing 3DS protocols and streamlining procedures can be a drag. Through real-time transaction monitoring, PayU’s payment solution helps merchants identify and fix decreases in payment approval rates due to 3DS. Thanks to its intuitive nature, businesses can easily spot and change their routing configurations using PayU’s Smart Routing Engine.

To increase the payment conversion chances PayU can optimize the 3DS authentication type and route the transactions to a better performing 3DS 2 version – while communicating with card schemes and issuing banks to improve UX and troubleshoot issues that arise.

Handling soft declines

We have two ways of managing soft declines: PayU can step in on behalf of the merchant, or the merchant can handle Soft Declines via the PaymentsOS API.

Explore more payment security features

Learn more about how PayU’s payment solution supports efficient and secure global payments.
See payment optimization features

3D Secure FAQs (6)

What is 3DS authentication?

3D Secure (3DS) authentication is a security measure that occurs when a cardholder initiates an online payment during checkout. During the 3DS authentication process, the cardholder must authorize the transaction with a security key provided by the bank that issued the payment method used during the online purchase. 3D Secure is a security protocol set in place between merchants, payment acquirers/processors, and card issuing banks meant to secure online credit and debit card transactions.

What is Strong Customer Authentication?

Strong Customer Authentication (SCA) is a new authentication mechanism based on three layers of transaction authentication. During the authorization of payments via 3D Secure, the cardholder must present the following authentication keys: Something that they know (a PIN code provided by the issuing bank); Something that they own (smartphone or in-app notifications to authorize the payment); Something they inherit (biometric elements – fingerprints, facial recognition).

What is 3D Secure 2 authentication?

3D Secure 2 authentication is the updated 3D Secure protocol for online payment authorization, officially released in 2020. The new version was launched to cater to the new requirements enforced by PSD2 and SCA in Europe.

What is PSD2 Strong Customer Authentication?

The Payment Service Directive 2 (PSD2) was proposed in 2018 and enacted in 2019 by the European Commission and European Central Bank in order to fight fraud and increase security for eCommerce and online transactions in Europe. The PSD2 updates implemented the Strong Customer Authentication (SCA) process for online transactions which requires cardholders to go through 3 layers (2 are mandatory) of authentication when making an online or e-commerce payment. PSD2 is applicable only for businesses and cardholders located in the European Economic Area (EEA) – but the standards are increasingly shaping authentication practices for online payments globally.

When is Strong Customer Authentication required?

Strong Customer Authentication (SCA) is required after a consumer or cardholder based in the European Economic Area (EEA) is attempting to make a purchase or online payment on a merchant platform also based in EEA.

How does 3D Secure authentication work?

3D Secure authentication occurs during the checkout. After a consumer or cardholder has confirmed the order, depending on the payment amount or if the merchant has their card details stored on file, they are automatically redirected to the 3D Secure page. On the 3D Secure page, the user must add a password provided by the issuing bank or log into their banking application and confirm the transaction by pressing a button, inserting a password, or presenting their fingerprint.

Get started

Benefit from the full range of 3DS features and other capabilities offered in PayU’s global payment orchestration platform.