Billing authentication with 3D Secure
3D Secure is an additional security layer for online credit and debit card transactions. It adds an authentication step for online payments by redirecting the user to the card issuer’s domain, then back to the online store's domain to complete payment. Online stores in countries under the PSD2 directive require 3D Secure checkout integrations in order to be compliant with the PSD2 directive.
Payments that are sucessfully authenticated by 3D secure are protected by a liability shift. When a payment is authenticated with 3D secure, the liability for fraudulent chargebacks or disputes is shifted from merchants to card issuers. This liability shift results in merchants no longer being liable for the costs of a chargeback or dispute. However, card issuers have policies that remove liability shift protection if too many chargebacks occur. For example, Visa's policy is that merchants who receive more than 7,500 USD in fraudulent chargebacks in one month are no longer able to shift liability to the card issuer.
If you're using Shopify Payments or Stripe as a payment gateway, then you're automatically using a 3D Secure checkout flow. Shopify Payments is optimized to minimize the use of 3D Secure, and only uses 3D Secure when required by the issuing bank in order for a transaction to be authorized successfully.
If you're using a third-party gateway and require 3D Secure, then you can use Cardinal as a 3D Secure provider.
Any time that you add a credit card as a method of payment for your store's Shopify subscription plan, you're prompted for authentication. After you enter your credit card details from the Billing settings page, you are redirected to the 3D Secure page where you can set up or enter your 3D Secure PIN.
Customers might need to confirm their payment method for extra security. Your customer's bank can challenge billing attempts like subscriptions, which means your customer needs to manually confirm their payment method.
If a customer needs to confirm their payment method for an order, then Shopify sends your customer an email which includes a link to your store to confirm the payment.
Do I need to authenticate my payments made to Shopify?
Yes. If you're using a credit card as a method of payment, then you need to go through the authentication process to complete your payment.
What is PSD2?
On September 14, 2019, the Revised Payment Service Directive, also known as PSD2, was introduced in all countries in the European Economic Area (EEA) and the United Kingdom. There is an expected 18-month transition period for online stores in the affected countries to become compliant with PSD2.
PSD2 introduces new, strict security requirements for electronic payments to reduce the risk of fraud. You will be PSD2 compliant if you use Shopify Payments through our integrated 3D Secure checkout.