3D Secure 2 Integration overview

On this page

3D Secure 2 (3DS 2) is the new authentication protocol for eCommerce card payments. Whether you are an existing Elavon customer or not, you can still add Elavon’s 3D Secure (3DS) solution to your transaction authentication process. Merchants can use Elavon’s 3DS 2 solution either as a standalone service or as a feature within an existing Elavon product. The best integration option for your business may depend on items such as your technical implementation, business model, and strategies for managing fraud.

Option 1 - 3DS 2 as a standalone service

To use the 3DS 2 solution as a standalone service, use one or a combination of these options:

  • Integrate directly with Elavon’s 3DS Server
  • Integrate using Elavon’s 3DS Web SDK
  • Integrate using Elavon’s Mobile SDKs (iOS/Android) (Releasing soon)

The 3DS 2 as a standalone service option is suitable for the following merchants:

  • Any merchant that processes their payments with Elavon or a certified third-party processor.
  • Merchants that use external or third-Party eCommerce solutions but process via Elavon.
  • Merchants that have multiple processors.

High-level features of the standalone integration options

Direct to 3DS Server

  • Direct communication between the merchant’s server (backend) and the 3DS Server.

  • Merchant has more control over each part of the integration process.

    For example, you can control how to handle the challenge flow when the issuer returns the challenge response, you can set the preference to challenge the user or not, you can control where the authentication request should be called in the payment flow, and you can do an inventory check-in between a payment flow.

  • Requires extra development effort as compared to the other integration options.

    The development effort required for each merchant varies and depends on factors such as the technical expertise of the development team, understanding of the payment industry, and usage of similar products. However, Elavon’s developer documentation guides you step-by-step in the deployment process with sample codes, requests, and responses.

Integration steps for direct integration to the 3DS Server

3DS Web SDK

  • A JavaScript library built on the Elavon 3DS Server API for an easy integration option to handle different 3DS authentication flows.

  • Ideal for merchants who want to add 3DS 2 support to their existing web-based checkout solution.

  • Minimal development effort required if using the all-in-one workflow of the Web SDK.

    The all-in-one workflow is prepackaged with all features and is ready to use once integrated with the merchant’s payment page. It runs all steps in the 3DS payment processing with one function call.

  • For granular control over the 3DS flow, the Web SDK also provides individual 3DS steps as a “toolkit” of functions that merchants can call as required.

  • Once integrated into a merchant’s website or checkout page, the Web SDK handles the communication with the 3DS server to complete the 3DS flow on behalf of the merchant.

  • Supports browsers on both mobile and desktop devices. Also, supports the use of the Web SDK (JavaScript) in a native mobile app through the use of a WebView.

  • Web SDK demo app available to understand the capabilities offered by the all-in-one and toolkit workflows of the Web SDK before actually integrating it into the payment page.

Integration steps for the Web SDK

Mobile SDKs (Releasing soon)

  • Ideal for merchants who have all or most transactions via their shopping app.
  • Built over the 3DS API for easy integration into a merchant’s mobile app.
  • Initiates and handles the complete 3DS transaction flow on behalf of the merchant.
  • Sample apps available to understand the capabilities offered by the mobile SDKs before actually integrating them into the merchant’s app.

Option 2 - 3DS 2 for Elavon merchants using Converge

Converge for merchants in European Union (EU)

Converge supports the following three integration methods:Link opens new window

  1. Direct API - To use the 3DS 2 feature, you need to either integrate the 3DS Web SDK to your website or set a direct integration to the 3DS Server.

  2. Hosted Payments Page - To configure a hosted payments form, you can use one of the following options.

    • Lightbox - To use the 3DS 2 feature, when you create a payment session through the Converge API (POST /payment-sessions), set the doThreeDSecure field value to true. For details on the API call, see the Converge API Reference documentationLink opens new window.

    • Redirect - To use the 3DS 2 feature, when you create a payment session through the Converge API (POST /payment-sessions), set the doThreeDSecure field value to true.

    • Payment Link - When you send a payment link via the Converge UI, the 3DS 2 authentication check is enabled by default.

  3. Shopping cart plugins - The shopping cart plugins built by Elavon support 3D Secure 2.0. For details, see the documentation for the supported pluginsLink opens new window.

Converge for merchants in North America (NA)

note

At present, the 3D Secure 2 Service through Converge is available only for merchants in the United States (US).

Prerequisite

To enable the 3D Secure 2 feature as part of Converge; existing merchants should call Elavon support

Integration options

  • Hosted payments page (HPP) - automatically uses 3D Secure 2 for all transactions made using a terminal that meets the general requirements for using 3D Secure 2 with Converge.

  • Lightbox - automatically uses 3D Secure 2 for all transactions made using a terminal that meets the general requirements for using 3D Secure 2 with Converge.

  • Buy button / Payment link - automatically uses 3D Secure 2 for all transactions made using a terminal that meets the general requirements for using 3D Secure 2 with Converge.

  • Billing & Invoicing - automatically uses 3D Secure 2 for all transactions made using a terminal that meets the general requirements for using 3D Secure 2 with Converge.

  • Checkout.js - merchants can either embed the Web SDK in the checkout page or for granular control, manually implement a Checkout.js page with 3D Secure 2 flow. For more details about how to use this option, see this checkout.js example HTML formLink opens new window.

  • XML API - use one of the standalone options to use the 3D Secure 2 service. If you want to use the 3D Secure 2 Web SDK for an XML API integration, see this example codeLink opens new window.

For more details about these integration options for Converge NA, see 3D Secure 2 Integration optionsLink opens new window.

Sample use cases for different integration options

These sample use cases in the following table are some examples of integrations that you can use. You can invent your own integration type that meets your requirement.

Integration typeFeaturesSample use cases
Web SDK (JavaScript)
  • Easiest integration option to handle the 3DS 2 flow in browsers with minimal programming effort.
  • The all-in-one workflow handles the complete 3DS flow, 3DS 1 fallback (optional), and challenge (if required) with one function call.
  • Supports browsers on both mobile and desktop devices.
  • Supports hybrid integrations (see the last row in this table for example use cases).
  • You want an easy and quick way to integrate the 3DS 2 service.
  • Your platform is web-based or the processing is typically performed on the front-end (i.e., in the web browser).
  • You want to embed the JavaScript library directly in your payment page (website) and your app (via WebView).
  • You are a FuseBox or a viaConex customer and you want to use 3DS 2.
Direct integration (API)
  • Direct communication between the merchant’s server (backend) and the 3DS Server.
  • More control over each part of the integration process.
  • Only integration option that supports 3RI i.e., merchant-initiated transactions. For example, calls for a recurring subscription payment every month can only be initiated by the merchant’s server which communicates directly to the 3DS Server.
  • Only integration option that supports decoupled authentication. For example, the client SDKs can only help to initiate a decoupled authentication check, but it is the 3DS Server that sends notifications to the merchant’s server (notification endpoint) when it receives the final authentication result from the issuer.
  • You want to have more control over the 3DS Secure authentication check process.
  • Your business is unable to use a website or an application-based integration.
  • You are capturing cardholder data on your website without any encryption and then passing the cardholder data to your server for authentication with the processor.
  • You want to use decoupled authentication or 3RI as the supported form of authentication.
  • You are a FuseBox or a viaConex customer and you want to use 3DS 2.
Native Mobile App SDK (iOS / Android) (Releasing soon)
  • Easy integration into a merchant’s mobile app by importing the SDK within your application codebase.
  • Mobile SDKs initiate and handle the complete 3DS transaction flow.
  • All the features of 3D Secure 2 check optimized for native Android & iOS app, instead of the website.
  • You have a major share of the customer base who uses your native mobile app for Android and iOS.
  • You want to integrate the 3DS 2 features into your mobile app.
Converge for merchants in NA (US)
  • No extra development work is required for these integration options: Hosted payments page (HPP), lightbox, buy button or payment link, and billing & invoicing.
  • Minimal development effort if using the checkout.js option.
  • For customers using the converge API, integrate using either the direct integration to the 3DS Server or the Web SDK.
  • You are a merchant in NA (US) and you are already using Converge as your payment processing system.
  • You want all the features of 3D Secure 2 without the complexity of manual programming or integration.
Converge for merchants in EU
  • 3DS Web SDK is now embedded in Converge EU and no extra integration effort is required.
  • All integrations options support 3DS: lightbox, redirect, or payment links.
  • You are a merchant in the EU and you are already using Converge as your payment processing system.
  • You want all the features of 3D Secure 2 without the complexity of manual programming or integration.
Hybrid integration A combination of one or more integration options. See the sample use case column for examples.Direct API + Web SDK (all-in-one workflow) example
You capture the cardholder data on your website (Web SDK integration), store the tokenized card details on your server, and then use the card-on-file details for subsequent subscription-based transactions (send a merchant-initiated request also called 3RI via Direct API).
In a reverse scenario, if the results of a 3RI transaction return that the card is no longer valid, you can direct the cardholder to authenticate a new card through your website (Web SDK integration).
Web SDK + Mobile SDK example
Your customer base equally uses your website and mobile app for shopping. In this scenario, you can integrate the Web SDK JavaScript file on your payment page and the Mobile SDKs into your native apps.
Web SDK + Converge (Checkout.js) example
For a simpler integration, you can embed the Web SDK into your checkout.js page. In this case, the Web SDK handles the complete 3D Secure 2 check for you.
Optionally, you can use the Web SDK to perform 3DS 2 authentication and then pass the authentication values into checkout.js for payment authorization. Your native app (mobile) users can use the same Web SDK integration in their mobile apps by using WebView components. This integration mode gives you more control over authentication errors.

Related topics