3D Secure
Rules Manager
Table of Contents
- Introducing the 3D Secure Rules Manager
- Value to Merchants and Consumers
- How 3D Secure Rules Manager Works
Introducing the 3D Secure Rules Manager
To further enhance 3DS2, Braintree now offers merchants 3D Secure Rules Manager, a built-in offering that enables deep customization of when and how to invoke 3DS. With 3D Secure Rules Manager, merchants can create business-specific rules for when and how 3DS is invoked directly from the Braintree Control Panel.
3D Secure Rules Manager gives merchants the flexibility to customize when they want to skip or apply 3D Secure and apply business-specific rules. Merchants can use 3D Secure Rules Manager to:
- Take advantage of chargeback liability shift, especially in markets like the UK and Ireland where frictionless 3DS is more broadly supported by issuers
- Apply SCA exemptions as much as possible, such as in markets like France or Denmark with lower issuer coverage
- Enable 3DS globally (i.e. beyond EEA) for certain transactions, like for high-value items
- Apply 3DS based on issuing country, device channel, BIN range, etc.
3D Secure Rules Manager does not require any developer work to set up once integrated with Braintree 3DS 2.
Learn more about how 3D Secure Rules Manager works
Value to Merchants and Consumers
3DS2 enables a more frictionless checkout experience compared to 3DS1. By using device and browser data to make authentication decisions behind the scenes, 3DS2 helps protect customers and merchants without interrupting the checkout flow, and may help to reduce cart abandonment.
3D Secure Rules Manager can help merchants optimize 3D Secure for their specific business needs. For example, merchants who sell affordable products at a high volume might want to maximize the number of frictionless transactions, while a merchant with higher-ticket items might prefer to maximize liability shift and present 3D Secure challenges as often as possible. With this capability, merchants can customize their 3DS behavior without any additional development work.
3DS2 provides merchants and their customers with the following:
- Shift chargeback liability for eligible transactions: using 3DS provides merchants with a chargeback liability shift, meaning that issuers may be responsible for any fraudulent transactions that do occur
- Simplify Strong Customer Authentication (SCA) requirements: 3DS2 meets the EU’s PSD2 / SCA requirements, helping merchants stay in compliance
- Help boost authorization rates: Issuers may approve more transactions when using 3DS, helping drive approval rates
- Reduce cart abandonment: 3DS2 works behind the scenes and provides a more frictionless experience, keeping customers at checkout, potentially reducing the chance for cart abandonment
- Streamline mobile checkout: 3DS2 offers native SDKs for iOS and Android, helping merchants create an uninterrupted mobile checkout experience
Additionally, 3D Secure Rules Manager can enhance the value added to merchants, including:
- Customize 3DS: With 3D Secure Rules Manager, merchants can customize how 3DS or exemptions are invoked through rules based on their individual needs, geography/region, card type, ASP ranges, BIN ranges, and more
- Create and modify 3DS rules: merchants can create, modify, or remove rules through the Braintree Control Panel UI, removing the need to code rules in the back end, helping reduce engineering effort and leading to a more optimized checkout experience for customers
- Take advantage of exemptions: 3D Secure Rules Manager helps merchants take a nuanced approach to 3DS to offer a more seamless checkout experience to their customers while maintaining a compliant approach
How 3D Secure Rules Manager Works
3D Secure Rules Manager is automatically enabled for all merchants in both Sandbox and Production.
Merchants can create rulesets with multiple rules, then assign priority to each rule. A ruleset may be associated with one or more merchant accounts. Each merchant account can be associated with only one ruleset. The merchant account's associated ruleset will be automatically evaluated during verifyCard().
Navigating to 3D Secure Rules Manager
- Log in to the Control Panel
- Click on the gear icon in the top right corner
- Click Fraud Management from the drop-down menu
- Next to 3D Secure Rules, click the Options link
Rulesets
3D Secure Rulesets are a set of rules that can be applied to merchant accounts. We recommend creating rulesets based on the geographical region. Nevertheless, it's important to note that this is not the only method of grouping rules within a ruleset and can be adjusted to align with your specific requirements. Rulesets will help merchants stay organized with their 3D Secure rules. Rulesets can have multiple rules assigned.
Creating Rulesets
- Log in to the Control Panel
- Click on the gear icon in the top right corner
- Click Fraud Management from the drop-down menu
- Next to 3D Secure Rules, click the Options link
- Click the New Ruleset button
- Fill in the Name field with your desired criteria
- Click the Save button
Rules
3D Secure Rules are the instructions you choose to apply that define how 3DS is applied to specific transaction scenarios related to Country, Transaction Amount, and more.
Creating Rules
- Log in to the Control Panel
- Click on the gear icon in the top right corner
- Click Fraud Management from the drop-down menu
- Next to 3D Secure Rules, click the Options link
- Click on the name of the Ruleset you’d like to add the Rule to
- Click the New Rule button
- Fill in the fields with your desired criteria
- Click the Save button
If multiple rules are matched for a given transaction, the higher priority rule will be applied, and other rules will be ignored. We recommend that merchants consistently monitor and adjust their rules based on transaction activity, performance, and industry trends.
If the request parameters challenge_requested or requested_exemption_type are provided during verifyCard(), they will override any matched rule.
Prioritizing Rules
- Log in to the Control Panel
- Click on the gear icon in the top right corner
- Click Fraud Management from the drop-down menu
- Next to 3D Secure Rules, click the Options link
- Click on the name of the ruleset that you’d like to adjust
- Drag any rule up or down the list
- Click the Save Rule Priority button
Rule Criteria
You can define the following rule criteria for each 3DS rule:
- Action
- Transaction Amount
- Payment Method Type
- Issuer Countries
- Card BIN Range
- Client Platform
- Rule Name
Available Actions
- Apply 3DS: Always trigger 3DS authentication, even when exemptions are possible. This can trigger both friction and frictionless challenges.
- Apply 3DS and request a challenge: Always trigger 3DS authentication and request a 3DS challenge. The act of requesting a challenge does not guarantee that the customer will actually get it, as the decision to present a challenge is controlled by the issuing bank.
- Apply Low Value exemption: Request to bypass 3DS for low-value transactions (transactions below 30 EUR or GBP). Merchants will not get a liability shift if the exemption is granted.
- Apply Transaction Risk Analysis exemption: Request to bypass 3DS with TRA exemption. Merchants will not get a liability shift if the exemption is granted. Note: Merchants must qualify with TRA. Contact us for more details.
- Skip 3DS wherever applicable: Does not apply 3DS authentication for transactions outside of PSD2 region. In a regulated market (PSD2), this setting has no effect and 3DS will still occur. When 3DS is skipped, the merchant will not get the benefits of 3DS such as liability shift.
- Apply Data only 3DS: 3DS Data Only facilitates a transaction process wherein merchants can share data with the issuer through EMV 3DS. It influences approval outcomes without any friction for the cardholder. However, merchants will not get a liability shift.
Conditions
- Amount (range or greater/less): Apply rules based on the transaction amount, either within a range or greater/less than a specified value.
- Payment Method Type: Apply rules to specific payment method types (e.g., credit card, debit card, prepaid debit, prepaid credit etc.).
- Card Country of Issuance: Apply rules according to the card's country of issuance. You can select multiple issuing countries per rule.
- Card BIN Range: Apply rules based on the Bank Identification Number (BIN) range of the card.
- Client platform: Apply rules based on whether the requests are coming from iOS, Android or Web.
Custom Fields
3D Secure Rules Manager provides several fields that can be used to build conditional filters. However, you may have a specific set of fields pertaining to your business that you want to use in certain scenarios to optimize 3D Secure. Using Custom Fields, you can add such specific fields to the tool and then use them in building filter conditions.
3D Secure Rules Manager allows you to set 3D Secure Rules on your predefined custom fields within the Braintree Control Panel. When the fields you pass in the verifyCard() call match the custom fields defined in the 3D Secure Rules Manager, the rules will be triggered.
Define a Custom Field:
- Log in to the Control Panel
- Click on the gear icon in the top right corner
- Click Processing from the drop-down menu
- Next to Custom Fields, click the Options link
- Click on the Add button on the right
- Enter the API name of the new custom field, e.g. "guest_checkout"
- Enter the Display name of the new custom field, e.g. "Guest Checkout"
- Select Pass Thru
- Click Add Custom Field button
For more information on defining custom fields see documentation here
Create a Rule using Custom Fields:
- Log in to the Control Panel
- Click on the gear icon in the top right corner
- Click Fraud Management from the drop-down menu
- Next to 3D Secure Rules, click the Options link
- Click on the name of the Ruleset you’d like to add the Rule to
- Click the New Rule button
- Scroll down to the Custom Fields section
- Click on the Add Custom Field button
- Select the defined custom field from the Field section, e.g. "guest_checkout"
- Enter a Value to trigger a rule, e.g. "true"
- Fill in the other fields with your desired criteria
- Click the Save button
Trigger a Rule with custom fields via API:
Add custom fields to the verifyCard() call:
```javascript
// Keys must match the API names of the custom fields defined in the Control Panel.
var verifyCardParams = {
  customFields: {
    custom_key1: "custom_value1",
    custom_key2: "custom_value2",
    custom_key3: "custom_value3",
  },
};
```
For example, suppose you attempted a first transaction with a TRA exemption but received a 2099 decline from the issuing bank. Now, you're retrying the same transaction with 3DS. In this case, you can pass something like:
```javascript
var verifyCardParams = {
  customFields: {
    retry_transaction: "true",
  },
};
```
After adding this to your verifyCard() call, create a rule in the Rules Manager via the Control Panel that applies 3DS when the custom field retry_transaction is set to true. Merchants have also utilized this tool for other use cases, such as when attempting to vault a card.
As another example, travel companies might use this feature to trigger 3DS as the start date of a holiday package approaches, because it becomes harder to recover from fraudulent activity at that point. In that case you would pass something like:
```javascript
var verifyCardParams = {
  customFields: {
    package_starts_within_5_days: "true",
  },
};
```
Furthermore, it's possible to chain multiple custom fields within the same rule for added flexibility and customization.
Assigning Merchant Accounts to Rulesets
- Log in to the Control Panel
- Click on the gear icon in the top right corner
- Click Fraud Management from the drop-down menu
- Next to 3D Secure Rules, click the Options link
- Click Assign Merchant Accounts to 3DS Rulesets
- Drag merchant accounts (right) to the appropriate ruleset (left) to assign the account to the ruleset
Example 3D Secure Rulesets for Business Objectives
Example 1: Improve conversion rate
Business Objective: To capture more revenue and reduce cart abandonment, you want to generate higher conversion. This may help you get a higher conversion rate at the cost of liability shift, because SCA exemptions will not give you a liability shift.
Example Rules:
- Request Low Value on all transactions below $30 EUR
- Request TRA for all transactions between $30 and $250 EUR
- Skip 3DS wherever applicable.
Expected Outcome: Higher revenue with less 3D Secure friction
Example 2: Optimize conversion and liability shift
Business Objective: To balance high approval rates and chargebacks, you want to optimize conversion and liability shift.
Example Rules:
- Request Low Value on all transactions below $30 EUR
- Apply 3DS in UK and IE for transactions between $30 and $250 EUR
- Request TRA in all markets for transactions between $30 and $250
- Apply 3DS on transactions above $250
Expected Outcome: Higher revenue by optimizing frictionless 3D Secure and optimized chargeback protection
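The priority and override behaviour described above, modelled locally for Example 2's rules so that overlapping rules can be checked before they are saved (an added example, not Braintree's code or part of the original page). The condition and transaction field names, the ISO code GB for the UK, inclusive range bounds, and placing the page's retry_transaction custom-field rule first are assumptions.

```javascript
// Added model of ruleset evaluation as described on this page; not Braintree's code.
// Condition keys (amountMin, issuerCountries, ...) and txn fields are assumed names.
// Example 2's rules in priority order (index 0 = highest), amounts in EUR, plus the
// page's retry_transaction custom-field rule placed first.
const exampleRuleset = [
  { name: 'retry-with-3ds', action: 'Apply 3DS',
    when: { customFields: { retry_transaction: 'true' } } },
  { name: 'low-value', action: 'Apply Low Value exemption', when: { amountBelow: 30 } },
  { name: '3ds-uk-ie', action: 'Apply 3DS',
    when: { amountMin: 30, amountMax: 250, issuerCountries: ['GB', 'IE'] } },
  { name: 'tra-mid', action: 'Apply Transaction Risk Analysis exemption',
    when: { amountMin: 30, amountMax: 250 } },
  { name: '3ds-high', action: 'Apply 3DS', when: { amountAbove: 250 } },
];

// A rule matches only if every condition it defines holds (range bounds inclusive).
function matches(rule, txn) {
  const w = rule.when;
  if (w.amountBelow !== undefined && !(txn.amount < w.amountBelow)) return false;
  if (w.amountAbove !== undefined && !(txn.amount > w.amountAbove)) return false;
  if (w.amountMin !== undefined && txn.amount < w.amountMin) return false;
  if (w.amountMax !== undefined && txn.amount > w.amountMax) return false;
  if (w.issuerCountries && !w.issuerCountries.includes(txn.issuerCountry)) return false;
  // Custom field values are compared as strings, e.g. "true".
  const sent = txn.customFields || {};
  return Object.entries(w.customFields || {}).every(([k, v]) => String(sent[k]) === v);
}

// Request parameters override any matched rule; otherwise the highest-priority
// matching rule applies and lower-priority matches are ignored.
function evaluate(ruleset, txn) {
  if (txn.challenge_requested !== undefined || txn.requested_exemption_type !== undefined) {
    return { decidedBy: 'request', rule: null, action: null };
  }
  const rule = ruleset.find((r) => matches(r, txn));
  return rule
    ? { decidedBy: 'rule', rule: rule.name, action: rule.action }
    : { decidedBy: 'none', rule: null, action: null }; // default not stated on the page
}

// Constructed sample transactions.
const samples = [
  { amount: 12, issuerCountry: 'FR' },
  { amount: 120, issuerCountry: 'GB' },
  { amount: 120, issuerCountry: 'DK' },
  { amount: 120, issuerCountry: 'DK', customFields: { retry_transaction: 'true' } },
  { amount: 120, issuerCountry: 'GB', challenge_requested: true },
];
for (const t of samples) console.log(JSON.stringify(t), '->', evaluate(exampleRuleset, t).rule);
```

Swapping the order of the UK/IE rule and the TRA rule changes the outcome for a 120 EUR UK card, which is why rule priority needs review whenever amount ranges overlap.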
Example 3: Maximize liability shift
Business Objective: Your primary goal is to protect your business from chargebacks, so you want to maximize liability shift.
Example Rules:
- Request Low Value on all transactions below $30 EUR
- Apply 3DS on transactions above $30
Expected Outcome: Liability shift on all transactions over 30 EUR and decreased chargeback liability
Maintaining your Rules
As the industry evolves and changes, you may want to modify your rules to achieve your goals related to 3D Secure. It is recommended to monitor your rules and adjust accordingly.