4. Opayo checks for 3D-Secure enrolment

If the issuer is not part of the scheme or if an MPI error occurs, our server will check your 3D-Secure rulebase to determine if authorisation should occur. By default, transactions that cannot be authenticated will be forwarded to your acquiring bank for authorisation.

If you do have a rulebase set up, our system checks the rules you have in place to determine whether you wish for the customer to proceed with authorisation or if you require them to select a different payment method. In such circumstances, the customer will be returned to the card selection page for another attempt. After the third unsuccessful attempt, the customer will be redirected to your FailureURL with a Status of REJECTED and a StatusDetail indicating the reason for the failure. The 3DSecureStatus field will contain the results of the authentication. Rejected transactions will never be sent for settlement and the customer never charged. Your failure page should explain why the transaction was aborted.

If your rulebase allows authorisation to occur for cards that are not enrolled, the next step is for the system to obtain this from your acquirer. Learn more about requesting card authorisation.

In most cases 3D-Secure verification will be possible and the process continues in the next step.


❮ Back to Customer enters payment details on Opayo’s serverOpayo redirects your customer to their Issuer ❯