Overview
Paybyrd handles the complexity of card payment processing, including 3D Secure authentication. By default, the API triggers the 3D Secure V2 flow for all card transactions, with a native fallback to V1 if the card is not enrolled for V2. No additional development is required on your side to support both versions. A single request is enough to enable SCA (Strong Customer Authentication) and process payments in a secure environment.PCI compliance: In case you are not PCI compliant and you want to build your own cards payment form, please check our hosted form and card collect solution.
3D Secure
3D Secure (3DS) is a security layer that provides fraud prevention for card payments. The system requires customers to complete an additional verification step with the card issuer when paying. It involves a pop-up window or inline frame appearing during the online transaction process, requiring the cardholder to authenticate the card, typically by entering a password or a code sent to their phone. Paybyrd triggers 3D Secure for all transactions by default. To create a transaction without 3D Secure, set the parameterVerificationMethod=None. Note that the card issuer will likely decline such transactions.
Paybyrd API and 3D Secure server-side
The card payment creation is divided mainly in three steps:- Creation of the card payment
- 3D Secure authentication
- Payment completion (optional)
Creation of the card payment
On the first step you will need to create the payment and provide all the necessary information for the next steps. Paybyrd has two different flows that can be triggered depending on the parameters you sent to us. In the first flow, Paybyrd handles the 3D Secure authentication result and calls the payment completion automatically. To use this flow, provide theRedirectUrl parameter. Paybyrd redirects the customer to this URL after the full process completes. You can use that page to query the transaction status and direct the shopper accordingly.
You can see below an example of how to create a card payment that will trigger the 3D Secure flow which will be fully managed by Paybyrd:
Soft descriptor
You can customize the text shown on the cardholder’s bank statement for each transaction by passing asoftDescriptor value in the payment request. This is useful for providing a clearer transaction reference to your customers.
The field accepts a string of up to 22 characters. Requests exceeding this limit return 400 Bad Request.
Using callbacks in the 3DSecure flow
To handle the 3D Secure result yourself, provide theCallbackUrl inside the ThreeDSecure node instead of the RedirectUrl parameter. Paybyrd sends the authentication result to that URL as a base64-encoded query parameter. You can decode it, review the result, and decide whether to call the payment completion. This is useful if you need to run anti-fraud checks before completing the transaction.
You can see below an example of how to create a card payment that will trigger the 3D Secure flow which will be managed by you:
code field to know whether the transaction was accepted. A successful scenario returns the code BYRD207 and Pending redirect in the description field. You can find the list of all status codes in the Respone code reference.
The action field contains the next step.
If you use your own 3D Secure provider and perform cardholder authentication before calling the Paybyrd API, provide the authentication data in your request. Paybyrd will respond with code BYRD200 and no extra step is required. Please check the Using an external 3D Secure provider section.
3D Secure authentication
Once the shopper is redirected, Paybyrd triggers the 3D Secure authentication flow. A challenge may be presented, in which case the bank screen will wait for the shopper to authenticate. In case you provided theRedirectUrl parameter during the first step, the payment will be processed automatically right after the 3D Secure authentication and the shopper will be redirected to the URL sent.
For the scenario where you sent the CallbackUrl instead, we will call the provided URL with the threeDSecureResult parameter encoded in base64 as you can see below:
| Field | Description |
|---|---|
| TransactionId | Transaction id generated by Paybyrd |
| Status | Authorized — Authentication succeeded. Unauthorized — Authentication was declined. NotEnrolled — Card is not enrolled for 3D Secure. |
| AuthenticationData.ThreeDsVersion | V2 / V1 |
| AuthenticationData.Aav | Authentication value received by the 3DS provider |
| AuthenticationData.DsTransactionId | Transaction id in the directory server |
| AuthenticationData.ECI | Response code returned by the schemes |
| AuthenticationData.VerificationMethod | ThreeDSecure - Card went through the 3D Secure process. ThreeDSecureAttempt - Attempt (proof of authentication attempt, may continue to transaction but issuer might still reject). None - No authentication was performed |
| Code | Error code |
| Message | Error message |
| Details | Error message details |
| TransStatus | Transaction status returned by ACS |
| TransStatusReason | Transaction status reason returned by ACS |
Payment completion (optional)
After obtaining the 3D Secure response, call the Payment API to finalize the payment. Provide the card data and the 3D Secure information received during the previous step:3DS exemptions
If 3DS validation fails and you still want to proceed with the payment, provide thethreeDSecureExemption field, which accepts the values TRA and LowValue.
Using an external 3D Secure provider
If you use an external 3DS server to authenticate the cardholder, pass the authentication data to the API when creating the payment:verificationMethod field to ThreeDSecureAttempt.
