Authentication
The authentication methods in the Mastercard Gateway ensure secure and seamless online transactions for businesses and payers. The gateway provides the following methods for payer authentication.
3D Secure authentication
3D Secure (3DS) is a security protocol that adds an additional layer of security to online purchases by requiring cardholders to authenticate themselves with the card issuer when making payments. It helps to prevent unauthorized online transactions, reduce the risk of fraud, and protect you from chargebacks if the transaction is authenticated successfully. The 3DS feature of the gateway supports 3DS2 only.
For more information, see 3D Secure Authentication.
RuPay payer authentication
RuPay Payer Authentication is a service provided in India for RuPay cardholders. It allows you to authenticate RuPay cardholders before initiating a RuPay payment. When a RuPay cardholder makes an online transaction, they are redirected through the RuPay PaySecure network to a site that an issuer has hosted to enter the One-Time-Password (OTP). You receive the authentication result that enables you to decide whether you want to proceed with the payment.
For more information, see RuPay payer authentication.
PSD2 SCA compliance and exemptions
The Revised Payment Services Directive (PSD2) is legislation effective in the European Economic Area (EEA) that regulates payment services throughout the EU. To achieve better consumer protection, PSD2 mandates that payment service providers implement Strong Customer Authentication (SCA) for eCommerce transactions. For card payments, you can achieve SCA by performing 3DS. However, 3DS adds an additional step to the checkout flow, asking your payer to provide additional details during the authentication challenge.
This is inconvenient to payers and potentially results in higher drop-off rates as payers abandon the checkout process. Therefore, the PSD2 mandate includes a set of exemptions where SCA is not required, potentially allowing your payer to bypass this additional step during the checkout flow. For example, low-risk transactions, low-value transactions, or recurring transactions may be exempt from SCA under certain conditions. The gateway allows you to claim these exemptions (when applicable) for your 3DS integration flows.
For more information, see PSD2.