Next-generation
strong authentication
Take advantage of compliant and seamless identity verification processes that don’t affect
the payment experience.
Response within 24 hours!
A strict regulatory framework
Strong Customer Authentication (SCA) is a regulatory requirement stemming from the European PSD2 directive.
It requires verifying the payer’s identity using at least two independent factors from among three categories:
What he knows
Password, code, security question
What he has
Phone, connected device, card, token
What he is
Fingerprint, facial, or voice recognition
How does it work?
Streamline the payment experience by assessing risk
3DS2 is the technical protocol that implements strong authentication for card payments.
Compared to its predecessor, it significantly improves the user experience.
La banque émettrice calcule un score de risque, grâce à plusieurs données qui replacent le paiement dans son contexte.
Si le profil de transaction est jugé peu risqué, l’authentification se fait en arrière-plan, sans redirection ni saisie de code : c’est le parcours frictionless. Dans le cas contraire, une étape de vérification supplémentaire est demandée au porteur.
Phone data
Among the 12 data points collected from mobile platforms are the following:
- The type of platform used, along with the user’s IP address
- The device name and model, and the screen resolution
- The operating system and OS version are also included
- The time zone and location of the device
Browser data
The data captured from the customer’s browser is divided into 9 categories:
- Accept Headers: indicate the content types (MIME) that the browser is capable of understanding
- IP Address: the IP address of the computer on which the browser is running
- Java Enabled: indicates whether Java is enabled in the browser
- Language: indicates the language used by the cardholder’s browser
- Screen Color Depth: indicates the depth of the color palette used to display images on the screen
- Screen Height: indicates the total height of the cardholder’s screen in pixels
- Screen Width: indicates the total width of the cardholder’s screen in pixels
- Time Zone: indicates the time difference between UTC and the cardholder’s local time
- User-Agent: indicates the exact content of the HTTP User-Agent header
Merchant risk
To enrich the transaction with contextual data and minimize risk, the bank may collect and use additional information about cardholders.
- The “customer account”: customer data held by the merchant as part of a registered account (account age, dates of any changes made to the account, shipping address, and transaction frequency, including both successful and abandoned transactions, etc.)
- Purchases: the customer’s purchasing habits, whether the products or services purchased have been ordered before (indicator of a new order for items), where the order is shipped (shipping indicator), and whether the order was purchased in advance (pre-purchase order indicator)
- Authentication of past transactions: any friction encountered during transactions (requests for additional authentication, date and time of previous attempts)
Optional information may include supporting documentation regarding the issuer and third-party authentication (Google, Apple).
Some exceptions
Under certain conditions, the payer’s bank may waive the requirement for systematic authentication.
💳
Small-amount transactions,
under 30 euros
💼
Payments with a corporate/business card
🌍
Transactions outside
the EEA
📞
Some MOTO transactions
(Mail Order/Telephone Order)
🔁
Recurring payments
of fixed amounts
💼
Trusted recipients,
on the whitelist
The strong authentication protocol with CentralPay
Find out how CentralPay handles 3DS for you.
Optimized transactions
CentralPay optimizes transaction routing to limit authentication steps to only those cases where they are necessary. A seamless experience for your customers, full compliance for your business.
Native integration
CentralPay supports the 3DS protocol (exemption management, communication with card issuers, etc.) without requiring any additional development on your part.
FAQ
Any questions about strong authentication?
3D Secure 2.0 meets the authentication requirements defined by the Regulatory Technical Standards (RTS) published by the European Banking Authority (EBA) and approved in 2018.
In 2019, as part of the Payment Services Directive 2 (PSD2), the European Parliament made Strong Customer Authentication (SCA) mandatory in order to limit the risk of fraud.
An evolution of the 3D Secure protocol, version 2.0 offers new benefits:
- Data-oriented: It uses a smarter approach, collecting more data about the transaction to assess the level of risk and determine whether authentication is necessary.
- Improved user experience: To reduce friction and avoid compromising the user experience, 3D Secure 2.0 integrates strong authentication more seamlessly into the payment process.
- Enhanced security: With more advanced authentication and analysis methods, 3D Secure 2.0 enables more accurate identification of fraudulent transactions while reducing false positives.
- Multi-device support: Unlike its first version, 3D Secure 2.0 is now supported on a wide variety of devices, offering a more seamless authentication experience across all platforms, including smartphones and tablets.
No. The protocol is designed to add an extra layer of security to online payments and protects both e-merchants and consumers by reducing the risk of credit card fraud.
Do you have a project?
Our teams analyze your architecture and provide you with a compliant, ready-to-deploy solution.

