Card Feature: 3D Secure 2.0 (EMV 3DS)

3D Secure 2.0 (EMV 3-D Secure) is the new authentication protocol for online card payments. 3DS 2.0 is designed to improve upon 3D Secure 1 by addressing the old protocol's pain points. It promotes frictionless consumer authentication and enables consumers to authenticate themselves with their card issuer when making card-not-present (CNP) e-commerce purchases. The additional security layer helps prevent unauthorized CNP transactions, helps protect the merchant from exposure to CNP fraud, and delivers a much smoother and more integrated user experience.

  • Midtrans supports card payments using 3DS 2.0 with our APIs. To make the integration process as seamless as possible, please refer to Midtrans API Libraries & Plugins.
  • For Merchants who don't have a PCI license, please refer to Snap API for browser integration and to Mobile SDK for mobile integration.

3DS 2.0 Benefits:

  • Frictionless (User friendly SCA - Less abandonment)
    There is no OTP Challenge that the customer needs to submit. If the transaction is considered safe by the Issuing Bank & Principal, the transaction will be processed immediately.
  • More data = Less decline.

3DS 2.0 Frictionless:

  • The Merchant or Customer can provide additional data (such as item_details, customer_details, billing_address, and shipping_address) in the 3DS Charge request to try to achieve 3DS frictionless authentication. The final decision will be determined by the ACS as the Issuing Bank and the Principal. Those fields are optional. If you do not provide any additional data, Midtrans will still process 3DS, whether the result is frictionless or challenge.
  • If sufficient data is received to verify that it is indeed the cardholder making payment, the issuer can use frictionless 3DS authentication without the cardholder needing to perform 2FA. 3DS succeeds, the payment is accepted, and the merchant benefits from chargeback liability without any additional verification step.

For Specific Item Details and Customer Details, please refer to Item Details and Customer Details.

For Existing Merchants that are already integrated with 3DS Feature

Midtrans will handle the migration from 3DS 1.0 to 3DS 2.0 gradually, according to the readiness of the Acquiring Banks & Principals.


Notes on 3DS 2.0 Migration:

  • In relation to the 3DS 2.0 mandate from the principal, we need to migrate all existing BCA and BRI MIDs from MIGS to MPGS because MIGS BCA & BRI only support 3DS 1.0. The MID migration will affect the channel_response_code and channel_response_message format.
    For more details, please refer to MIGS BCA & BRI MIDs Migration
  • OTP Challenge on 3DS 2.0: the flow that was Synchronous for 3DS 1.0 becomes Asynchronous for 3DS 2.0. So after the OTP Challenge, the transaction could still be Pending. The Merchant needs to wait for a successful notification from Midtrans or try Get Status to Midtrans several times in the next minute.
  • New field three_ds_challenge_completion on the Charge and Status API response (only for 3DS Challenge) indicates whether the customer has submitted the OTP or not. Since 3DS 2.0 is Asynchronous, this field may not be instantly updated because the Issuing Bank or Principal may have a delay when sending the callback.
  • 3DS URL Changes:
    • For Merchants that implement logic to close the OTP Page with URL Path validation, the Merchant needs to change or update the validation for 3DS 2.0.
    • For Merchants that implement the Mobile SDK, the Merchant needs to update to the latest version.
    • For Merchants that implement Snap API, there is no need for changes on the Merchant side.

| Version | URL | Description |
|---------|-----|-------------|
| 3DS 1.0 | {midtransHost}/v2/token/rba/redirect/{tokenId} | Redirect URL on Charge Response |
| 3DS 1.0 | {midtransHost}/v2/token/rba/callback/{tokenId} | Redirect URL after Input OTP |
| 3DS 2.0 | {midtransHost}/v2/3ds/redirect/{tokenId} | Redirect URL on Charge Response |
| 3DS 2.0 | {midtransHost}/v2/3ds/result-completion/{tokenId} | Redirect URL after Input OTP |
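
For merchants that close the OTP page based on URL path validation, the following is an added example (not Midtrans code) of a check that recognises the 3DS 1.0 and 3DS 2.0 paths listed above and compares the parsed host exactly. The host `midtrans-host.example` is a placeholder for {midtransHost}, the function names are hypothetical, and treating {tokenId} as a single non-empty path segment is an assumption.

```javascript
// Added example, not Midtrans code. Placeholder for {midtransHost} (assumption).
const MIDTRANS_HOST = "midtrans-host.example";

// Path prefixes from the URL table on this page; {tokenId} is the final segment.
const ROUTES = [
  { version: "3DS 1.0", stage: "redirect", prefix: "v2/token/rba/redirect" },
  { version: "3DS 1.0", stage: "completion", prefix: "v2/token/rba/callback" },
  { version: "3DS 2.0", stage: "redirect", prefix: "v2/3ds/redirect" },
  { version: "3DS 2.0", stage: "completion", prefix: "v2/3ds/result-completion" },
];

// Returns { version, stage, tokenId } for a recognised 3DS URL, otherwise null.
function classify3dsUrl(rawUrl, expectedHost = MIDTRANS_HOST) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return null; // not an absolute URL
  }
  // Compare the parsed scheme and host exactly. Matching on the raw string
  // would also accept the path appearing in a query string or on another host.
  if (url.protocol !== "https:" || url.host !== expectedHost) return null;
  if (url.username || url.password) return null;

  const segments = url.pathname.split("/").slice(1);
  const tokenId = segments.pop();
  if (!tokenId) return null; // missing token or trailing slash
  const route = ROUTES.find((r) => r.prefix === segments.join("/"));
  return route ? { version: route.version, stage: route.stage, tokenId } : null;
}

// True only when the OTP page has reached the post-OTP URL for either version.
function shouldCloseOtpPage(rawUrl, expectedHost = MIDTRANS_HOST) {
  const match = classify3dsUrl(rawUrl, expectedHost);
  return match !== null && match.stage === "completion";
}
```

Reaching the post-OTP URL only means the OTP page can be closed; because the 3DS 2.0 flow is asynchronous, the transaction result still comes from the Midtrans notification or Get Status.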