What Is 3D Secure and Strong Customer Authentication?
3D Secure (3DS) is an additional authentication step for online and card-not-present payments, where the cardholder verifies their identity — typically via a one-time passcode, biometric or banking app prompt. Strong Customer Authentication (SCA) is the regulatory requirement under PSD2 that makes this type of verification mandatory for most electronic payments in the UK and Europe.
3D Secure Explained
3D Secure — often recognised by brand names like Visa Secure, Mastercard Identity Check or American Express SafeKey — adds an extra step to card-not-present transactions. Instead of simply submitting card details, the customer is asked to verify their identity through a second factor, such as a one-time passcode sent to their phone, a fingerprint scan or approval through their banking app.
The "3D" in 3D Secure refers to three domains involved in the process: the card issuer (the customer's bank), the acquirer (the merchant's bank) and the interoperability domain (the card scheme infrastructure that connects them).
What Is Strong Customer Authentication (SCA)?
Strong Customer Authentication is a requirement introduced by the second Payment Services Directive (PSD2) in the UK and European Economic Area. It mandates that electronic payments must be authenticated using at least two of the following three factors:
- Something the customer knows — such as a password or PIN.
- Something the customer has — such as a phone or physical card.
- Something the customer is — such as a fingerprint or facial recognition.
3D Secure version 2 (3DS2) is the primary mechanism for meeting SCA requirements in card payments. It was designed to be more user-friendly than the original 3DS, with better mobile support and a smoother checkout experience.
When Does SCA Apply?
SCA applies to most customer-initiated electronic payments in the UK and EEA. However, there are exemptions that can allow transactions to proceed without the extra authentication step:
- Low-value transactions — payments under a certain threshold (currently 25 GBP or 30 EUR) may be exempt, subject to cumulative limits.
- Trusted beneficiaries — customers can whitelist merchants they trust, so future payments skip SCA.
- Recurring payments — after the first payment is authenticated, subsequent recurring charges of the same amount to the same merchant may be exempt.
- Merchant-initiated transactions — payments initiated by the business (such as variable subscriptions) can use different authentication flows.
- Transaction Risk Analysis (TRA) — payment providers with low fraud rates can request exemptions for transactions below certain thresholds.
3D Secure and Telephone Payments
SCA requirements apply primarily to customer-initiated electronic payments. Telephone payments (where the customer provides their card details by phone to an agent or IVR system) are classified as merchant-initiated or "mail order / telephone order" (MOTO) transactions. MOTO transactions are generally outside the scope of SCA, though the card issuer may still apply its own risk checks.
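The scoping and exemption rules above can be expressed as a single decision function. This is an added example, not code from Paytia or any card scheme: the `Payment` fields and reason strings are hypothetical, the cumulative caps are assumed values the page does not state, and the TRA exemption is left out because it depends on provider fraud-rate thresholds the page does not give.

```python
from dataclasses import dataclass
from decimal import Decimal

# Low-value thresholds as stated on the page.
LOW_VALUE_LIMIT = {"GBP": Decimal("25"), "EUR": Decimal("30")}
# ASSUMPTION: the page only says "cumulative limits"; these caps are
# illustrative, take the real ones from your acquirer or regulator.
MAX_EXEMPT_COUNT = 5
MAX_EXEMPT_TOTAL = {"GBP": Decimal("85"), "EUR": Decimal("100")}


@dataclass
class Payment:  # hypothetical record, field names are not from any real API
    amount: Decimal
    currency: str
    channel: str = "ecom"               # "ecom" or "moto"
    merchant_initiated: bool = False
    trusted_beneficiary: bool = False
    recurring_followup: bool = False    # same amount and merchant, first payment authenticated
    exempt_count: int = 0               # exempt payments since the last SCA
    exempt_total: Decimal = Decimal("0")  # their summed value


def sca_decision(p: Payment) -> tuple[bool, str]:
    """Return (sca_required, reason) for one card payment."""
    if p.channel == "moto":
        return False, "out_of_scope_moto"   # issuer may still run its own risk checks
    if p.merchant_initiated:
        return False, "merchant_initiated"
    if p.trusted_beneficiary:
        return False, "trusted_beneficiary"
    if p.recurring_followup:
        return False, "recurring"
    limit = LOW_VALUE_LIMIT.get(p.currency)
    if limit is None:
        return True, "unknown_currency"     # fail closed: authenticate
    if p.amount >= limit:                   # page says "under", so the limit itself is not exempt
        return True, "above_low_value"
    if (p.exempt_count + 1 > MAX_EXEMPT_COUNT
            or p.exempt_total + p.amount > MAX_EXEMPT_TOTAL[p.currency]):
        return True, "cumulative_limit_reached"
    return False, "low_value"


# Constructed sample payments.
if __name__ == "__main__":
    for pay in (Payment(Decimal("12.50"), "GBP"),
                Payment(Decimal("12.50"), "GBP", exempt_count=5),
                Payment(Decimal("400"), "EUR", channel="moto")):
        print(pay.amount, pay.currency, sca_decision(pay))
```

Any case the function cannot classify, such as a currency with no configured threshold, falls through to requiring authentication rather than skipping it.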
Impact on Chargebacks
One significant benefit of 3D Secure is the liability shift. When a transaction is successfully authenticated through 3DS, the liability for fraudulent chargebacks typically shifts from the merchant to the card issuer. This means if a fraudster uses stolen card details but passes the 3DS check, the merchant is usually protected from bearing the financial loss.
Paytia's platform is designed to work seamlessly alongside 3D Secure and SCA requirements. For telephone payments processed through Paytia's agent-assisted or IVR solutions, transactions are classified as MOTO, which means they fall outside the scope of mandatory SCA — giving your customers a smooth payment experience without additional authentication hurdles.
For businesses that also take payments through Paytia's web-based channels — such as payment links or the customised web checkout — 3D Secure 2 is fully supported. This means customers paying online go through the required authentication step, keeping you compliant with PSD2 regulations while benefiting from the liability shift that 3DS provides.
Paytia ensures that whichever channel your customer uses to pay, the right level of authentication is applied automatically, so you stay compliant without adding complexity to your payment operations.
Frequently Asked Questions
Does 3D Secure apply to payments taken over the phone?
No. Telephone payments are classified as MOTO (mail order / telephone order) transactions, which fall outside the scope of the SCA regulations that require 3D Secure. However, card issuers may still apply their own risk-based checks on individual transactions.
What happens if a customer fails the 3D Secure check?
If the customer cannot verify their identity through 3D Secure — for example, if they do not have access to their phone for a one-time passcode — the transaction will be declined. They would need to try again or use an alternative payment method.
Does 3D Secure eliminate chargebacks?
Not entirely, but it significantly reduces them. When a payment is successfully authenticated through 3D Secure, the liability for fraud-related chargebacks shifts from the merchant to the card issuer. This protects your business from most fraudulent transaction disputes.