An additional layer of security for online card-not-present transactions using the 3DS protocol.

Overview

3 Domain Secure (3DS) is an additional layer of security for online payments where the physical card is not presented to the merchant. The three domains—acquirer, scheme, and issuer—interact with each other using a 3DS protocol where they exchange information and authenticate the transaction, determining if additional input is required by the cardholder that only the cardholder and card issuer will know.

Verification Methods

All payment gateways integrated with RMS, including RMS Pay, include two verification methods through the 3DS protocol—frictionless and challenge.

• Frictionless: Uses background information to verify the cardholder and transaction without the cardholder needing to verify themselves actively. 
• Challenge: Occurs when the card issuer has determined that the transaction requires additional verification from the cardholder before completing the transaction. 

When the transaction results in a challenge, the cardholder must supply two-factor verification through an SMS code or personal password determined by the card issuer. The transaction is only confirmed after this verification is successful.

When Does 3DS Apply?

Card issuers use complex security risk assessment and fraud detection algorithms to determine if a transaction requires 3DS input by the cardholder. This two-factor type of verification only applies to card-not-present transactions initiated on

• Guest Portal
• RMS Booking Engine
• RMS Pay By Link

Transactions initiated in RMS 9+ using a credit card token or the RMS Pay terminal will not require this additional verification step from the cardholder.

Benefits

This verification process significantly reduces the occurrence of fraudulent transactions, protecting properties from chargebacks due to fraudulent activity and shifting liability to the cardholder.