5. Opayo redirects your customer to their Issuer

Note: In most situations under the Revised Payment Services Directive (PSD2), 3D-Secure authentication is mandatory to complete transactions.

The customer’s browser redirect's to their Card Issuing Bank’s 3D-Secure authentication pages. These pages vary from bank to bank, but their purpose is to require the customer to authenticate themselves as the valid cardholder.

The customer may be asked to answer questions at their card issuer’s site. This might be a verification code sent by text, a password or a biometric. Conversely, the issuing bank might automatically authenticate low risk transactions or known customers and not require any interaction from your customer. 

If the issuing bank determines the person attempting the transaction is the actual cardholder, it assumes liability for any fraudulent use of that card during the transaction, protecting from what are known as ‘Chargebacks.’

Chargebacks occur when the cardholder subsequently challenges an authorisation with their issuing bank on the premise that it was obtain fraudulently. For more information on chargebacks and the rules around liability shift, please contact your acquiring bank. This level of protection for you is only afforded by 3D-Secure, which is why we recommend that you enable it on your Opayo account. You can enable and specify rules for 3D-Secure in MyOpayo.


❮ Back to Opayo checks for 3D-Secure enrolmentIssuing bank returns the customer to Opayo ❯