3DS Authentication

3DS (Three-Domain Secure) lets you perform an intuitive and consumer-friendly authentication process. 3DS adds additional security layers to reduce the fraud avoiding the unauthorized usage of credit cards.

What is 3DS?

3DS (Three-Domain Secure) is a messaging protocol that enables the issuers to authenticate their cardholders during the online shops. This authentication is performed before the transaction is authorized and follows the next flow.

The next infographic explains the authentication flow for 3DS.

John buys a cellphone through an e-commerce shop in his personal computer.

The cellphone shop, which is integrated to the PayU authentication service, wants to verify that John is the one making the purchase, so they send this transaction to authenticate.

Through 3DS communication, the issuer receives the request to authenticate the transaction and begins to review the shared data.

The issuer authenticates the buyer that is making the transaction successfully. Since the risk was low, the authentication was silent without contacting John.

When the transaction involves higher risk, John may receive a simple challenge, such as an OTP sent to his cellphone.

John receives the confirmation of his purchase and later on, he receives the cellphone at home.

3DS Benefits

3DS (Three-Domain Secure) adds additional security layers to reduce the fraud avoiding the unauthorized usage of credit cards, protecting you of chargebacks due to fraud transactions.

Using 3DS, you can have:

  • Higher approval rates, less fraud.
    The exchange of data between merchants and issuers helps to make better authorization decisions and fraud detection. In case of fraud chargebacks, the issuer is the one who has the responsibility with the buyer.

  • Better user experience.
    3DS allows a better integration of the authentication process during the shopping experience of the end user. Reduces the friction with the user in a higher percentage of transactions.

  • Complies with regulations and EMVCo standards.
    Supports a strong customer authentication for issuers, acquirers, and payment services in regulated markets.

3DS Authentication solution

3DS Authentication, available for Brazil and Colombia, is provided via API under two modalities:

  • Pass Through: if you have your own 3DS Authentication service, you can send us the authentication response in the payment request. Under this modality, you are responsible for the integration with an MPI or a 3DS Server.
    The Pass Through is intended for merchants integrated via API to PayU Latam Platform. For more information, contact your sales representative.

When using the 3DS Authentication solution, take into account the following:

  • The authentication service is independent from the authorization service.
  • The authorization must include the authentication response.

Benefits of our solution

  • You control and decide when to authenticate a transaction.
  • If you migrate to the HUB, you can have additional benefits of a global solution.

How to integrate 3DS?

3DS Authentication is a service available under demand, contact your Key Account Manager to sign the Terms & conditions to enable it.
Depending on the scenario you choose to use the 3DS Authentication, the integration procedure varies.

Pass Through

When you are integrated with an MPI or a 3DS Server, you just need to send us the authentication response in the payment request. Refer to your processing country to see an example of how to send the parameters returned in the response:


Last modified August 2, 2023: 3DS Authentication Update (f0dc6ff8)