Broadleaf Microservices
  • v1.0.0-latest-prod

3DS (Three-D Secure)

3DS is a protocol used to secure online credit & debit card transactions by having the customer interact with the card issuer to validate that they are the owner of the card. Once this validation has completed successfully, the merchant can execute transactions against the payment method with a drastically lowered fraud risk.

To achieve this verification, payment gateways use two primary patterns:

  1. Verify the user’s ownership of the card prior to any transaction attempts.

  2. Allow the user & merchant to attempt a transaction, and then prompt for verification as needed. Successful completion of the verification is then required before the transaction is allowed to be processed.

The first approach is typically driven through an integration directly with the payment gateway. In this document, we dive into the best way to support the second pattern, which requires more Broadleaf involvement to keep the cart & its payments in sync.