Understanding the 3DS code



The digitization of banking services has inevitably led to increased online security to protect consumers.

Unfortunately, payment fraud is not uncommon. That's why the Financial Conduct Authority (FCA) has taken matters into its own hands to ensure the safety of online consumers while reducing the liability of businesses when an authorized transaction is processed.

Due to ongoing security concerns, the Payment Services Directive (PSD) and the Strong Customer Authentication (SCA) system were introduced, making 3D payments more secure. These regulatory measures will affect all businesses operating online.


There is a lot of jargon and acronyms used to describe regulatory actions in the payments industry. These various acronyms can be quite opaque. That's why we've created a short glossary to help make sense of them and clarify their meaning.

  • PSD2: This is the Payment Services Directive. It is legislation that requires payment service providers (PSPs) to strengthen their security by improving customer authentication. This is a security requirement that protects consumers and reduces the risk of fraud.
  • 2FA: This is two-factor authentication. It is a process whereby a person making an online payment must provide two authentication factors to prove their identity. For example, you may be redirected to your online banking application to provide a PIN to verify your identity.
  • 3DS: This is the abbreviation for 3D secure. 3D secure is an online payment service available for Visa and MasterCard. This measure was implemented to prevent fraud in 2001. It has become an essential security factor when making online payments. 3D secure requires the buyer to verify their identity by entering a password or sending a one-time authentication code to their cell phone.
  • SCA: This is strong customer authentication. This is a requirement of PSD2 that we mentioned earlier. It requires businesses to require two different authentication factors to prove a consumer's identity (2FA). This affects both online and offline services and protects consumers from fraud. It will become a legal requirement for all online transactions by March 2022.

What is strong authentication?

Strong customer authentication not only enhances the security of the consumer, but also that of your business. It adds an extra layer of protection, increases consumer confidence, reduces chargebacks, and allows for better risk management of online payments.

Why do my payments fail?

In accordance with the regulations that will be fully effective in March 2022, card providers such as MasterCard, American Express and Visa have begun implementing strong customer authentication. As a result, online transactions are being checked more frequently for 3DS compliance.

This requirement can mean that your payments fail because your customers are not using 3DS cards to make a payment. If your customer does not follow the identification process correctly (e.g., a text message from their bank to verify their identity), the payment will fail. Unfortunately, you have no control over this situation, which depends on the card provider and the consumer.

Why do some payments get through?

You may notice that some transactions pass and others do not. This is because all transactions must now pass the 3DS test, even if the consumer does not have a 3DS card. This means that if they have to provide two-factor authentication, it will fail. As with contactless payments, transactions are randomly selected to complete the 3DS process. Alternatively, a consumer may have a 3DS card but not know how to complete the authentication process, resulting in a failed payment. If the customer uses a 3DS card, but the payment still fails, it could be due to several reasons:

  • The one-time PIN code sent by the bank was entered incorrectly.
  • The customer did not receive a PIN code or authorization message from their bank to approve the transaction, or they entered an old/expired PIN code.
  • The PIN code or authorization message sent by the bank was not entered or approved within the required time frame.

In a nutshell

The 3DS code complies with the legislation on online transactions: the PSD2. This legislation aims to protect consumers and businesses from fraud. Thus, the 3DS is a two-factor authentication process that your customer must undergo to validate his transaction.

While this process is designed to protect your customers, not all of them have 3DS-protected credit cards. This means that some will not be able to validate their transaction. Others simply do not know how to validate their transaction with the 3DS. This is why you can see many failed transactions. Moreover, this process is not applied systematically and transactions are selected randomly.

Swikly is of course up to date on the DSP2 and systematically asks for a 3DS code when securing a deposit. This way, you are protected against fraud and stolen cards. This is also the reason why some security deposits can fail.

Soon, PSD2 will come into full effect and card providers will have to be up to date to handle the 3DS process. Thus, you should see a decrease in failed transactions.



Marketing & Communication Manager for Swikly. I regularly write educational and informative articles and documents for rental professionals.

Did you like this article?

Don't miss our next publications! Subscribe to our newsletter!

You can unsubscribe at any time. Check out our privacy policy.

Legal information

Editorial references

The swikly.com website is published by SWIKLY, a simplified joint stock company with a capital of 10,000 euros.
SWIKLY is registered in the Lyon Trade and Companies Register under number RCS 819 514 076
The head office is located in Lyon (France), 12 rue de la Barre, 69002 - Phone : +33 4 20 88 00 48 - email : contact@swikly.com
Director of publication: Mr. Shaun WOURM, President of SWIKLY - shaun.wourm@swikly.com.
The hosting of the Site has been entrusted to Microsoft Ireland Operations Limited (Microsoft AZURE offer), whose registered office is located at DUBLIN 18 99000 BLACKTHORN ROAD, Ireland, registered in the Trade and Companies Register of "Foreign company n/immat.RCS" under the number 419 423 728, reachable by phone at +353 1850 940 940.
SWIKLY - April 2016 - All rights reserved

Personal data

The creation of a personal account and the use of the site imply the collection of personal data and the processing of data.
The purpose of this processing is the management of the Swikly smarphone Application, of the Website Services and the activity of the SWIKLY company. This processing of personal data is the subject of a declaration to the CNIL by the Company under the number 1948037.
The following personal data of the user is accessible to any other registered user:
-first name and first letter of a user's name.
The following personal data of the user is accessible to any user who has accepted a Swik of the said user concerned:
-first name, last name and reputation of the user.
Personal data is transferred by the Company to its service providers and subcontractors, in accordance with the aforementioned declaration made to the CNIL. All access to the user's personal data by these subcontractors and service providers is subject to the use of a login and password, with the data also being transmitted via an encrypted link.
No personal data is collected for purposes other than those mentioned above, nor is it passed on to third parties without your consent or used without your knowledge.
In accordance with the law n°78-17 of January 6, 1978 modified, relating to Data processing, the Files and Freedoms, you have a right of access, of modification and suppression of the personal data concerning you (art.34 of the law).
These rights can be exercised with the Data Controller:
Service CNIL, Société SWIKLY - 12 rue de la Barre 69002 LYON, France - contact@swikly.com.
You will find all the information concerning your rights, duties and the protection of personal data on the website of the Commission Nationale de l'Informatique et des Libertés: http://www.cnil.fr
When you visit the Site, a cookie is placed on your computer. The Company uses cookies to enable and facilitate electronic communication, to provide features tailored to the needs of Users. The cookie is used to identify the user at each of his connections, and thus facilitates his access to the Service. The user can refuse cookies when accessing the smarphone Application or by changing the configuration of his browser. This may however alter the functionality of the smarphone Application, which the User accepts.


To report any errors or anomalies on the site:
Webmaster: contact@swikly.com

Free guide:

The 2023 vacation rental PMS