Introduction

This article provides a consolidated overview of how you can configure Payer Authentication (3-D Secure) for Cybersource, including enablement requirements, setup steps, enrollment workflow, and troubleshooting guidance. This information helps resolve the most common 3DS-related support cases, including configuration gaps, missing indicators, ECI 0/7 values, and step-up challenges not appearing.

Payer Authentication (3-D Secure) is a cardholder authentication service that deters unauthorized card use and enables you to receive protection and liability shift from fraudulent activity and chargebacks. It allows you to support the following card types without running additional software on your own server(s):

• Visa - Verified by Visa (VbV)
• MasterCard/Maestro - MasterCard SecureCode
• American Express - Amex Safekey
• JCB - J/Secure

Use this guide to ensure your merchant account is properly configured, understand the full 3DS workflow, and troubleshoot common enrollment and authentication issues.

Overview

The Payer Authentication (3-D Secure) service adds an additional layer of security and supports liability shift. Successful authentication depends on proper account enablement, accurate API requests, and completion of all steps in the 3DS flow.

• 3DS must be enabled at the portfolio (organization) level before Merchant IDs (MIDs) can process authenticated transactions.
  • For instructions on how to request Portfolio level configuration, refer to Support Article: Portfolio Management - Configuring Processors and Products
• If 3DS is enabled at the portfolio level, all transaction MIDs may use 3DS unless custom MID-level configuration is required.
• Most setup failures occur because 3DS is not fully enabled, incomplete, or missing indicators during processing.

Prerequisites

Before configuring or integrating 3-D Secure, ensure you:

1. Contract and sign for Payer Authentication (3DS).
2. Enable 3DS on the Cybersource portfolio MID and/or transaction MID in the Enterprise Business Center (EBC).
3. Confirm acquirer support for 3-D Secure on your merchant account.
4. Contact Client Services to validate setup completeness.
   How to Contact Client Services

Enablement Requirements

To request activation of Payer Authentication, submit a Support Case with the following information:

Merchant Information

• Organization ID (formerly CyberSource Merchant ID)
• Company Name
• Merchant Website URL
• Primary Processing Currency

Merchant Acquirer Information

• Acquiring Bank Name
• Acquirer Contact Name
• Acquirer Contact Phone Number and/or Email

Verified by Visa Requirements

• Acquirer Bank Identifier (Visa Bank Identification Number)
• Acquirer Visa Merchant ID

Mastercard Identity Check Requirements

• Acquirer Bank Identifier (Mastercard Bank Identification Number)
• Acquirer Mastercard Merchant ID

Procedure

Step 1: Add 3DS Credentials

1. Sign in to the Business Center.
2. Navigate to Payment Configuration > Payer Authentication Configuration.
3. Select Add New Credentials.
4. Enter the 3DS credentials provided during enablement.
5. Select Save.

Step 2: Enable 3DS on Secure Acceptance Profiles

6. Navigate to Payment Configuration > Secure Acceptance Settings.
7. Select your Secure Acceptance profile.
8. Open the Payment Settings tab.
9. Select Edit Profile.
10. Under Payer Authentication 3DS Version, select 3DS 2.
11. Save the changes and select Promote to Active.

Understanding the 3-D Secure Enrollment Workflow

The typical 3DS API workflow includes these steps:

1. Setup Service
   • Executed after card entry.
   • Returns JSON Web Token (JWT), reference ID, and device data collection URL.
2. Device Data Collection
   Completed in a hidden iframe before enrollment check.
3. Check Enrollment
   Determines whether authentication or step-up is required.
4. Step-Up Authentication
   • Issuer challenge window must open within 30 seconds.
   • Displayed in an iframe or via the Software Development Kit (SDK).
5. Validation Service
   Used only if step-up is completed.
6. Authorization
   Send authentication values to support liability shift.

📱 Mobile SDK users skip the Setup step—the SDK manages device collection automatically.

Identifying Common Causes of 3DS Enrollment Failure

• 3DS not fully configured in Enterprise Business Center (EBC).
• Acquirer not enabled for 3DS.
• Issuer not participating in 3DS.
• Unsupported card types or Bank Identification Number (BIN) ranges.
• Unsupported currencies.
• 3DS version mismatch between merchant and issuer.
• Invalid card formatting (Luhn/length).
• Device data collection incomplete.
• Missing required API fields such as returnURL or browser data.
• Step-up iframe not opened within 30 seconds.
• Using test credentials in live environment.
• Network or endpoint issues.

Troubleshooting by Reason Code

FAQs

• What is Payer Authentication (3-D Secure)?
  Payer Authentication (3-D Secure) is a cardholder authentication service that protects against unauthorized card use and enables merchants to receive protection and liability shift from fraudulent activity and chargebacks.
• Which card types are supported?
  Visa (Verified by Visa), MasterCard/Maestro (MasterCard SecureCode), American Express (Amex Safekey), and JCB (J/Secure).
• What are the prerequisites for configuring 3DS?
  You must contract and sign for Payer Authentication, enable 3DS in the Enterprise Business Center, confirm acquirer support, and contact Client Services to validate setup completeness.
• What should I do if I receive Reason Code 234?
  Do not retry. Contact Client Services to correct your configuration.
• What is the time limit for opening the issuer challenge window?
  The issuer challenge window must open within 30 seconds.