How can we help?
How to implement 3-D Secure?Last updated on February 24, 2020
The contents in this article may contain information specific to Singapore
This support article explains the steps in enabling 3-D Secure for merchants who have implemented our API. If you use an Omise plugin, please select the guide specific to the plugin you currently use from this page.
When enabling 3-D Secure on your account, the service will first be enabled on test mode, then - once implemented - we will enable the service on your live account.
Accepting 3-D Secure payments:
- Create a Token using Omise.js
- Make a charge with your secret key and provide a
return_urito the params array. The
return_urishould be a URL on your site such as https://website.com/orders/123456789/complete
- The response Charge object will contain a new field:
authorize_uri, you must redirect your user to this URL.
- The cardholder will authenticate the transaction using their received OTP on the bank’s site and will be redirected back to the URL provided in the
- Make an API request to /charges to check the charge's latest status. See charge status and explanation.
The authentication process performed by the cardholder usually takes around 1-3 minutes as cardholders will have to wait for an SMS token. The process can take longer (up to 10 minutes) if the cardholder is enrolling for the first time. So be patient and give it a moment.
The redirection flow in short:
- User is redirected to Omise using
- Omise redirects user to issuing bank for 3-D Secure authentication
- Bank redirects user back to Omise
- Omise redirects user to merchant page using
Please note that 3-D Secure is mandatory for certain business types. Our fraud analysts will determine whether it is necessary to enable the service on your account based on your business’s risk profile.
Can’t find your answer?
Get in touch with us and we’ll get back to you as soon as possible