How can we help?

How to implement 3-D Secure?

Last updated on May 28, 2019

This support article explains the steps in enabling 3-D Secure for merchants who have implemented our API. If you use an Omise plugin, please select the guide specific to the plugin you currently use from this page.

When enabling 3-D Secure on your account, the service will first be enabled on test mode, then - once implemented - we will enable the service on your live account.

Accepting 3-D Secure payments:

  1. Create a Token using Omise.js
  2. Make a charge with your secret key and provide a return_uri to the params array. The return_uri should be a URL on your site such as https://website.com/orders/123456789/complete
  3. The response Charge object will contain a new field: authorize_uri, you must redirect your user to this URL.
  4. The cardholder will authenticate the transaction using their received OTP on the bank’s site and will be redirected back to the URL provided in the return_uri.
  5. Make an API request to /charges to check the charge's latest status. See charge status and explanation.

The authentication process performed by the cardholder usually takes around 1-3 minutes as cardholders will have to wait for an SMS token. The process can take longer (up to 10 minutes) if the cardholder is enrolling for the first time. So be patient and give it a moment.

The redirection flow in short:

  1. User is redirected to Omise using authorize_uri
  2. Omise redirects user to issuing bank for 3-D Secure authentication
  3. Bank redirects user back to Omise
  4. Omise redirects user to merchant page using return_uri

Please note that 3-D Secure is mandatory for certain business types. Our fraud analysts will determine whether it is necessary to enable the service on your account based on your business’s risk profile.

Related articles:
Fraud Protection

Can’t find your answer?

Get in touch with us and we’ll get back to you as soon as possible