Developer PortalMerchant Access Portal
Merchants
HomeMerchantsDevelopers
Start typing to search…

3D Secure with PayGate

Boost customer confidence and protect your business from fraud.

PayGate supports 3D Secure (also known as Mastercard SecureCode and Verified by Visa) to help prevent unauthorised card payments and reduce chargebacks. It’s an additional layer of cardholder authentication that happens during checkout.

And best of all? We handle the technical bits — automatically.


sequenceDiagram
    participant Customer
    participant Merchant Website
    participant PayGate
    participant Issuer Bank

    Customer->>Merchant Website: Starts checkout
    Merchant Website->>PayGate: Sends payment request
    PayGate-->>Merchant Website: Responds with Redirect
    Merchant Website->>Customer: Redirects to PayGate
    Customer->>PayGate: Lands on Secure Payment Page
    PayGate->>Issuer Bank: Redirects to authentication page
    Customer->>Issuer Bank: Enters 3D Secure credentials
    Issuer Bank-->>PayGate: Authentication result
    alt NotifyUrl specified
        PayGate->>Merchant Website: Posts result to NotifyUrl
        Merchant Website-->>PayGate: Responds with 'OK'
    else Notify fails
        PayGate->>Merchant Website: Retries (max 3 times)
    end
    PayGate->>Customer: Redirects back to Merchant (ReturnUrl)

    Note over PayGate, Merchant Website: If customer abandons authentication, PayGate sends an "incomplete" notification after 30 mins.

How It Works

When a card payment requires 3D Secure authentication:

  • The customer is redirected to their bank’s authentication screen.

  • Once complete, the customer is returned to your website.

  • You’ll be notified of the transaction result via your configured NotifyUrl.

You don’t need to build anything to support this — it’s built right into your Hosted Payment Page or Redirect solution.

What Happens After 3D Secure?

After the customer completes (or abandons) the authentication:

  • PayGate posts the result to your NotifyUrl (if provided).

  • Then, the customer is redirected back to your ReturnUrl.

If we can’t reach your NotifyUrl the first time, we’ll try two more times at 30-minute intervals.

To confirm you’ve received the result, your endpoint must return a simple:

OK

What if the customer abandons the payment?

If a customer closes their browser or disappears during the process:

  • You’ll still receive a notification after ~30 minutes that the transaction was incomplete.

  • This gives you the full picture, even if the payment was never finalised.

Good to Know

  • 3D Secure is required by card schemes for many transactions.

  • Transactions may fail if customers don't complete authentication.

  • No 3D Secure? The transaction will proceed normally unless the issuer declines it.

Updated 4 months ago