3-D Secure for Payflow

3-D Secure, also known as a payer authentication, is a security protocol created by Visa and Mastercard to help prevent online credit and debit card fraud. Payer authentication is based on the following three-domain (3-D) model:

• The issuer domain— (Card Issuers and Cardholders): Card issuers enroll and activate cardholder accounts to participate in the buyer authentication programs. The card issuer is responsible for authenticating the cardholder during the checkout process.
• The acquirer domain— (Acquirers and Merchants): Merchants communicate with Payflow to initiate the authentication process. Once authentication is completed, the authentication data is appended to the financial transaction sent to the gateway or processor.
• The interoperability domain— (Allows the Issuer Domain to interoperate with the Acquirer Domain): Payflow communicates with the various directory servers to facilitate communication between cardholder and issuer. Once the cardholder is redirected to the card issuer's authentication site, the cardholder is prompted for authentication credentials.

Payflow supports the following 3-D Secure protocols:

• Visa Secure
• Mastercard SecureCode
• American Express SafeKey
• Discover ProtectBuy, which includes JCB cards

3-D Secure authentication options with Payflow

Using Payflow, you can authenticate cardholders with the 3-D Secure protocol in one of two ways:

• Enable the Payflow Buyer Authentication service— Recommended for a simpler integration.

  Note: This service is being deprecated and does not support 3-D Secure v2.0, please use a 3rd-Party merchant plug-in.

• Use a 3rd-Party Merchant Plug-in (MPI)— Requires you to collect authentication data using an MPI and passing that information to Payflow.