# Authentication
source: https://developer.mastercard.com/mastercard-gateway/documentation/security-and-fraud/authentication/index.md

The authentication methods in the Mastercard Gateway ensure secure and seamless online transactions for businesses and payers. The gateway provides the following methods for payer authentication.

## EMV 3-D Secure authentication {#emv-3-d-secure-authentication}

EMV 3-D Secure is a security protocol that adds an additional layer of security to online purchases by requiring cardholders to authenticate themselves with the card issuer when making payments. It helps to prevent unauthorized online transactions, reduce the risk of fraud, and protect you from chargebacks if the transaction is authenticated successfully. The EMV 3-D Secure feature of the gateway supports 3DS2 only.

For more information, see [EMV 3-D Secure Authentication](https://developer.mastercard.com/mastercard-gateway/documentation/security-and-fraud/authentication/3d-secure-auth/index.md).

## Token authentication service {#token-authentication-service}

Token Authentication Service (TAS) is a Mastercard service that enables merchants to perform seamless cardholder authentication. This service uses Mastercard payment passkeys during online transactions, such as Click to Pay and Secure Card on File (SCOF). Cardholders create payment passkeys with Mastercard and use them to authenticate seamlessly during checkout.

For more information, see [Token Authentication Service](https://developer.mastercard.com/mastercard-gateway/documentation/security-and-fraud/authentication/token-auth-service/index.md).

## RuPay payer authentication {#rupay-payer-authentication}

RuPay Payer Authentication is a service provided in India for RuPay cardholders. It allows you to authenticate RuPay cardholders before initiating a RuPay payment. When a RuPay cardholder makes an online transaction, they are redirected through the RuPay PaySecure network to a site that an issuer has hosted to enter the one-time password (OTP). You receive the authentication result that enables you to decide whether you want to proceed with the payment.

For more information, see [RuPay payer authentication](https://developer.mastercard.com/mastercard-gateway/documentation/security-and-fraud/authentication/rupay-payer-auth/index.md).

## PSD2 SCA compliance and exemptions {#psd2-sca-compliance-and-exemptions}

The Revised Payment Services Directive (PSD2) is legislation effective in the European Economic Area (EEA) that regulates payment services throughout the EU. To achieve better consumer protection, PSD2 mandates that payment service providers implement Strong Customer Authentication (SCA) for e-commerce transactions. For card payments, you can achieve SCA by performing [EMV 3-D Secure](https://developer.mastercard.com/mastercard-gateway/documentation/security-and-fraud/authentication/3d-secure-auth/index.md). However, EMV 3-D Secure adds an additional step to the checkout flow, asking your payer to provide additional details during the authentication challenge.

This is inconvenient to payers and potentially results in higher drop-off rates as payers abandon the checkout process. Therefore, the PSD2 mandate includes a set of exemptions where SCA is not required, potentially allowing your payer to bypass this additional step during the checkout flow. For example, low-risk transactions, low-value transactions, or recurring transactions may be exempt from SCA under certain conditions. The gateway allows you to claim these exemptions (when applicable) for your EMV 3-D Secure integration flows.

For more information, see [PSD2](https://developer.mastercard.com/mastercard-gateway/documentation/security-and-fraud/authentication/psd2-sca-com-exem/index.md).