3D Secure Payment Authentication
3D Secure payment authentication provides additional fraud protection by challenging a user’s identity when they make a credit or debit card payment. Typically, the user is required to enter a 2FA code sent to or generated by their mobile device. The code is then verified when the user processes a transaction through your web store.
Support for 3D Secure 1 ended on October 15, 2022. See End of Support for 3D Secure 1 for more information, including information about migrating your website technologies from 3D Secure 1 to 3D Secure 2.
3D Secure 2 is supported on the following flows of your Commerce website:
-
Make a payment, quotes, and reorder items: SuiteCommerce MyAccount (SCMA), Suitecommerce, and SuiteCommerce Advanced (SCA) versions 2023.1.1 and later.
-
Checkout, make a payment, and quote to sales order: SuiteCommerce and SCA versions 2022.2 and later.
-
Checkout flow only: SuiteCommerce and SCA versions 2020.1, 2020.2, 2021.1, 2021.2, and 2022.1.
See 3D Secure Authentication Process for information about how your Commerce website supports the use of 3D Secure payment authentication.
The following topics provide additional information about 3D Secure payment authentication:
Before you enable 3D Secure authentication, you must set up payment processing profiles for each payment gateway you use. See Setting Up Payment Processing Profiles in NetSuite.
Setting up 3D Secure payments on your Commerce website depends on your implementation:
Implementation |
Type of 3D Secure Supported |
Refer to |
---|---|---|
SuiteCommerce SuiteCommerce MyAccount SuiteCommerce Advanced 2020.1 and later |
2.0 |
|
SuiteCommerce Advanced 2019.2 SuiteCommerce Advanced 2019.1 SuiteCommerce Advanced 2018.2 SuiteCommerce Advanced Aconcagua SuiteCommerce Advanced Kilimanjaro |
2.0—External checkout only. Customization may be required. |
|
SuiteCommerce Advanced Elbrus SuiteCommerce Advanced Vinson SuiteCommerce Advanced Mont Blanc SuiteCommerce Advanced Denali Site Builder |
2.0—External checkout only.
Note:
The availability of 3D Secure 2 support depends on your implementation and requires customization. |
Configure 3D Secure Payments for Native 3D Secure
This topic explains how to enable native 3D Secure payments on your SuiteCommerce, SCMA, or SCA (2020.1 implementation or later) website.
The following steps are only required if you are using native 3D Secure. See 3D Secure Authentication Process for information about native 3D Secure and external checkout.
To enable 3D Secure payments for your website:
-
In NetSuite, go to Commerce > Websites > Configuration.
-
Select your website and domain and click Configure.
-
Go to the Advanced tab.
-
Check the Enable 3D Secure Payments box.
-
Click Save.
3D Secure Authentication Process
There are two typical ways to adopt 3D Secure 2 technology as part of your customers’ shopping experience: natively or by using an external checkout.
Not all SuitePayments solutions that integrate with NetSuite support 3D Secure 2. See Payment Gateway Support for 3D Secure 2 for a list of payment gateway partners who support 3D Secure 2.
Native 3D Secure 2
With native 3D Secure 2, an identity challenge displays to cardholders when they use your web store checkout. The challenge usually appears in-page as an iframe or on a separate step in your checkout.
To support native 3D Secure 2, your website must contain code specific to 3D Secure 2 and be able to support payment instruments.
Support for native 3D Secure 2 is included as part of your web store’s checkout processes if you are using SuiteCommerce or SCA versions 2020.1 or later.
Support for native 3D Secure 2 is included as part of your web store’s make a payment, reorder items, and quote to sales order processes if you are using SuiteCommerce, SCMA, or SCA versions 2022.2 or later.
SCA sites running 2019.2 or earlier, and all versions of Site Builder, do not support native 3D Secure 2. See Migrating from 3D Secure 1 to 3D Secure 2.
To confirm that your web store already processes payments with native 3D Secure 2:
-
In NetSuite, go to Lists > Search > Saved Searches > New.
-
Click Cardholder Authentication.
-
Click Preview without setting filters.
-
If cardholder authentication search results are returned, your web store is using native 3D Secure 2.
External Checkout
External checkout (also known as hosted payment pages) uses an external payment page provided by a payment gateway partner.
External checkout occurs when a user is redirected to an external web page that accepts and processes the user’s payment credentials. After completing their payment, the user is directed back to the web store and their order is submitted.
If your web store uses Site Builder or SCA versions 2019.2 or earlier, external payment integration must be with a payment gateway partner who supports 3D Secure 2. See Payment Gateway Support for 3D Secure 2.
Your website must be able to support external checkout. Support for external checkout is as follows:
-
All versions of SCA support external checkout. However, you may need to apply patches or make customizations to your website's code if your website uses SCA Kilimanjaro or earlier. See Migrating from 3D Secure 1 to 3D Secure 2.
-
Site Builder sites using SiteBuilder Extensions for the checkout provide varying support for 3D Secure 2, depending on the SiteBuilder Extensions version being used. See Migrating from 3D Secure 1 to 3D Secure 2.
-
Site Builder sites using Reference Checkout, or the built-in "classic" checkout, do not support 3D Secure 2. See Migrating from 3D Secure 1 to 3D Secure 2.
After 3D Secure authentication is enabled for your Commerce website, the following logic is applied to each payment card transaction using external checkout:
-
A user selects their payment method as a credit or debit card.
-
The user attempts to submit their order.
-
The web store redirects the user to the third-party payment processor’s external checkout or hosted payment page.
-
The user enters their card details and submits them.
-
The payment processor determines whether to show a 3D Secure challenge and, if required, does so.
-
If successful, the payment is processed, and the user is directed back to the web store where their order is completed.