EMV 3D Secure

3D Secure is designed to prevent fraud by allowing the card issuer to authenticate your customer before you process a payment.

QuickStream supports two options:

  1. QuickWeb: The card issuer performs the authentication on Westpac hosted pages.
  2. QuickStream REST API: The card issuer performs the authentication within your website.

Benefits of 3D Secure

The benefits of EMV 3D Secure are:

  • Improved risk analysis - card issuers have the information they need to perform risk analysis.
  • Make it easy for your customers to pay - customers who are judged low-risk enjoy a frictionless flow.
  • Lower costs - less fraud and fewer chargebacks.

For more information, see:

How it works

  1. Your customer enters their card details.
  2. You send additional information through QuickStream to your customer's bank.
  3. If a challenge is required, your customer must pass the challenge before continuing.
  4. The payment is processed or the card is stored in QuickStream.

What additional information is sent?

The additional information includes the customer's contact details, shipping address, and type of goods being purchased. This allows your customer's bank to decide if a challenge is required.

For a full list of fields, see 3D Secure Authentication in the QuickStream REST API.

What is a challenge?

A challenge allows your customer's bank to authenticate your customer. A challenge frame is displayed on your website. The customer enters information into the challenge frame. For example, their bank may send an SMS verification code and require the customer to type it in.

What is a frictionless flow?

In a frictionless flow, the customer does not need to complete a challenge.

How to implement EMV 3D Secure

To enable 3D Secure, you will need:

  • a Westpac representative to enable this on your QuickStream facility,
  • a software developer to make changes to your website.

QuickWeb

These steps assume you have already implemented a QuickWeb solution.

QuickStream performs 3D Secure authentication automatically when it is enabled for your facility.

To improve the chances of a frictionless customer experience with EMV 3D Secure, you must:

  1. Implement the Secure token hand-off, and
  2. Provide the Parameters for 3D Secure.

Trusted Frame and REST API

These steps assume you have already implemented a Trusted Frame solution. The sequence diagram below shows a high-level overview of the steps involved.

Sequence diagram illustrating the steps below.

Step 1: Pre-authentication

To opt in to EMV 3D Secure, pass the option threeDS2 = true in the TrustedFrameConfigObject when you call quickstreamapi.creditCards.createTrustedFrame.

QuickStream will check if the card is enrolled in EMV 3D Secure.

When QuickStream sends the data.singleUseToken.singleUseTokenId back, check the field data.singleUseToken.creditCard.threeDS2AuthRequired.

data.singleUseToken.creditCard.threeDS2AuthRequired | Next action
true                                                | Send a 3D Secure Authentication request using the singleUseTokenId.
false                                               | Process a payment or register an account using the singleUseTokenId.

Step 2: Authentication

To authenticate the cardholder, your server must send a 3D Secure Authentication request using your Secret API key.

This allows you to pass information such as the customer's contact details, billing address, shipping address etc.

The response will contain a transStatus to indicate if you should:

  • process a payment or register an account (A or Y), or
  • present a challenge frame (C), or
  • stop processing (any other value).

Step 3: Challenge

To present a challenge frame, call the JavaScript function quickstreamapi.creditCards.createChallengeFrame. QuickStream will send your site an updated transStatus to indicate if the customer has now passed the challenge.

Step 4: Process payment or register a card

If transStatus is A or Y after the authentication, you should send a request to:

Send the parameter threeDS2 set to true.
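
The decision logic from Steps 1 to 4, written so that anything unexpected stops the flow. This is an added example, not QuickStream's own code: the function names, the Action labels and the sample response are assumptions, and only the field names and transStatus values come from this page.

```javascript
// Action names are this example's own labels for the next steps the page lists.
const Action = Object.freeze({
  AUTHENTICATE: 'send-3ds-authentication-request',
  CHALLENGE: 'present-challenge-frame',
  PROCEED: 'process-payment-or-register-account',
  STOP: 'stop-processing',
});

// Step 1: read threeDS2AuthRequired from the single-use token response.
function afterPreAuthentication(response) {
  const token = response?.data?.singleUseToken;
  const required = token?.creditCard?.threeDS2AuthRequired;
  if (typeof token?.singleUseTokenId !== 'string' || typeof required !== 'boolean') {
    // A missing field or a string such as "false" is not read as "no 3DS needed".
    return { action: Action.STOP };
  }
  return { action: required ? Action.AUTHENTICATE : Action.PROCEED };
}

// Steps 2 to 4: map a transStatus to the next action.
// Assumption: a second "C" after the challenge frame has completed is a stop.
function afterTransStatus(transStatus, challengeDone = false) {
  if (transStatus === 'A' || transStatus === 'Y') {
    return { action: Action.PROCEED, threeDS2: true }; // Step 4 parameter
  }
  if (transStatus === 'C' && !challengeDone) return { action: Action.CHALLENGE };
  return { action: Action.STOP }; // any other value, including undefined
}

// Walks one customer through the flow and returns the actions in order.
function planFlow(tokenResponse, authStatus, challengeStatus) {
  const steps = [afterPreAuthentication(tokenResponse)];
  if (steps[0].action !== Action.AUTHENTICATE) return steps;
  steps.push(afterTransStatus(authStatus));
  if (steps[1].action === Action.CHALLENGE) {
    steps.push(afterTransStatus(challengeStatus, true));
  }
  return steps;
}

// Constructed sample response, shaped after the field paths quoted above.
const sampleToken = {
  data: { singleUseToken: { singleUseTokenId: 'TOKEN-PLACEHOLDER',
                            creditCard: { threeDS2AuthRequired: true } } },
};
console.log(planFlow(sampleToken, 'C', 'Y').map((s) => s.action));
```

Run these checks on your server against the values QuickStream returns, so that a payment request is only sent once the recorded outcome is PROCEED.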
