Three-Domain Secure (3DS or 3-D Secure) is a protocol that allows consumers to authenticate themselves with the issuer of their payment card when they wish to undertake a non-contact transaction, such as purchasing over the internet. It is another layer of security to protect agaist unauthorized transactions in an e-commerce environment.
This standard is being mandated by the payment industry in order to reduce fraud.
Iberia, NDC and 3DS
Iberia is implementing 3DS in our IATA NDC 17.2 schema version. Therefore due to the 3DS mandate, credit card payments will only be accepted in the 17.2 messages once the mandate comes into effect.
This will be implemented market by market. Once a market mandates 3DS then we will no longer accept Credit Card payments from that market unless processed in 17.2 messages.
The Seller will be responsible for the Authentication Process using their own external provider. This should be done (Step1) before the OrderCreate or OrderChange message is sent (Step2) to Iberia with the Credit Card payment.
The information relevant to the authentication must be included in the elements "SecurePaymentVersion1" o "SecurePaymentVersion2" depending of the 3DS version implemented.
The following diagrams are to help understand the process:
For payment in a servicing flow the OrderChange message would replace the OrderCreate message in the above diagram.