# Integrate EMV 3-D Secure
source: https://developer.mastercard.com/mastercard-gateway/documentation/tutorials-and-guides/gateway-3d-secure/index.md

## What is EMV 3DS? {#what-is-emv-3ds}

**EMV 3DS** is a major upgrade to the 3-D Secure messaging protocol that helps verify your identity when shopping online with a debit or credit card.

### It's designed to: {#its-designed-to}

* **Cut down on fraud** by sharing better information between banks, merchants, and card networks.
* **Make checkout smoother**, reducing cart abandonment.
* **Give banks more options** to confirm identity during checkout based on user habits and merchant-provided info.

### Supported Card Schemes: {#supported-card-schemes}

* Mastercard
* Visa
* American Express
* JCB
* Diners/Discover

## Authentication Flow {#authentication-flow}

When a shopper tries to pay:

* The merchant sends a security check request.
* Mastercard Gateway determines the best way to handle it based on the shopper's bank.
* The bank decides based on EMV 3DS readiness and transaction risk.

### The bank may use: {#the-bank-may-use}

* Biometrics (fingerprint, Face ID)
* One-time password (OTP)
* App-based approval
* Or **no challenge at all** (frictionless flow)

![Authentication Flow](https://static.developer.mastercard.com/content/mastercard-gateway/img/3-ds-authentication-flow.png)

### Frictionless Flow Example {#frictionless-flow-example}

1. Shopper makes a purchase. ![Shopper makes a purchase.](https://static.developer.mastercard.com/content/mastercard-gateway/img/frictionless-flow.png)
2. Shopper's bank performs a risk check.
3. Bank decides transaction is low risk → Merchant processes payment.

### Challenge Flow Example {#challenge-flow-example}

1. Cardholder buys something on merchant website. ![Cardholder buys something on merchant website.](https://static.developer.mastercard.com/content/mastercard-gateway/img/challenge-flow.png)
2. Bank asks customer to verify via phone. ![Bank asks customer to verify via phone.](https://static.developer.mastercard.com/content/mastercard-gateway/img/challenge-verify.png)
3. Cardholder taps fingerprint or enters OTP. ![Cardholder taps fingerprint or enters OTP.](https://static.developer.mastercard.com/content/mastercard-gateway/img/biometric-verify.png)
4. Merchant processes payment.

## Enable EMV 3DS {#enable-emv-3ds}

### What Acquirers Need to Do {#what-acquirers-need-to-do}

* **Set Up Commercial Agreements**   

  Acquirers must have commercial terms for customers using EMV 3DS.

* **Enroll in Card Scheme Programs**   

  Programs include:

  * Mastercard Identity Check
  * Visa Secure  
    Assign Mastercard Gateway to manage 3D Secure certificates and use MPGS MPI for authentication.
* **Add Merchants to the Program**

  * Use the ISSM tool in Mastercard Connect.
  * Merchants using Verified by Visa don't need re-enrollment.
  * Amex merchants register with SafeKey.
  * JCB and Discover/Diners merchants enroll directly with their schemes.
* **Update Acquiring Platform**   

  Ensure systems can pass EMV 3DS data during authorization and clearing for Mastercard and Visa.

### What Merchants Need to Do {#what-merchants-need-to-do}

* **Enroll in EMV 3DS Programs**   

  Register with programs like Mastercard Identity Check, Visa Secure.

* **Enable EMV 3DS in Merchant Manager Profile**   

  Configure account to support EMV 3DS.

* **Use Latest 3DS API**   

  Integrate with 3DS Authentication API (version 57 or later).

* **Enable in Gateway Portals**

  * **Merchant Manager Portal**: Configure EMV 3DS in Merchant Profile. ![Merchant Manager Portal](https://static.developer.mastercard.com/content/mastercard-gateway/img/cardholder-verification.png)
  * **Merchant Administrator Portal**:
    * Log in → Admin tab → Integration settings ![Merchant Administrator Portal](https://static.developer.mastercard.com/content/mastercard-gateway/img/MA-portal-integration.png)
    * Under **Hosted Checkout**, select "Authentication API" in the dropdown. ![Hosted Checkout](https://static.developer.mastercard.com/content/mastercard-gateway/img/hosted-checkout.png)

## EMV 3DS Merchant Integration Options {#emv-3ds-merchant-integration-options}

### 1. Hosted Checkout {#1-hosted-checkout}

* Easiest way to accept payments using Mastercard Gateway.
* Payment page hosted by Mastercard Gateway.
* Display options:
  * Pop-up (lightbox)
  * Full web page
* Security check triggered automatically when card details are entered.

### 2. 3DS JS Library {#2-3ds-js-library}

* For merchants wanting control over UI without handling card data:
  * Mastercard Gateway collects and processes payment details securely.
  * Reduces PCI compliance requirements.
* Use 3DS JavaScript to trigger authentication from merchant's own page.

### 3. Authentication API {#3-authentication-api}

* For full control over payment experience:
  * Merchant designs own payment pages and collects card details.
  * Merchant must meet strict PCI compliance requirements.

## EMV 3DS Authentication Flow {#emv-3ds-authentication-flow}

![EMV 3DS Authentication Flow](https://static.developer.mastercard.com/content/mastercard-gateway/img/emv-3ds-authentication-flow.png)

## EMV-3DS Testing Strategy {#emv-3ds-testing-strategy}

### Integration Testing -- Merchants {#integration-testing--merchants}

* Use test MerchantID starting with "TEST".
* Test payments sent to simulated ACS.
* No DCF generated during this phase.

### Acquirer Testing -- Live Merchant Profile {#acquirer-testing--live-merchant-profile}

* Submit pre-authenticated test payments to simulate EMV 3DS.
* DCF generated with EMV 3DS data for downstream validation.
