What is 3DS?

3DS is an additional layer of security and fraud protection for card payments.   

3DS means that the card issuer (the bank who issued the card) may require the card holder to enter a code when making a payment.  The card issuer usually sends the code to the card holder by SMS. The card holder must enter on the payment page to confirm that the card is theirs. Once the card has been verified, payment is authorised and the transaction is completed. 

3DS is applicable on all payment pages when the cardholder is processing the payment, as the code can only be received and entered by them. The card issuer determines whether the card holder is challenged to enter a 3DS code based on various fraud control algorithms.  

Remember that not all credit card are 3DS enabled, and this is at the discretion of the credit card issuer. 

Benefits to Merchant

Reduced chargebacks – 3DS removes liability for many ‘unauthorised’ disputes.

No cost or effort to implement.

3DS provides additional layer of security.

Greatly reduces fraudulent transactions.

Benefits to Cardholders

Enhances card security.

Increases customer confidence when processing payments.

Easy to use.

Reduces unauthorised transactions.

How does it work?

3DS is triggered in the transaction process. See the below flow of how this will look: 

An example of 3DS being triggered from ANZ. 

3D Secure is a huge leap forward in the world of online payments. Not only does the technology offer smoother shopping experiences, but it also takes online payment security to a whole different level, ensuring a safer and more reliable experience for both customer and merchant. 


 3D Secure is triggered by the card issuer in order to provide extra protection against unauthorised use of a card. 

They will need to contact their card issuer to ensure that their contact details are correct for 3D Secure. Some Banks have not implemented 3D Secure. 

The 3DS ‘enter your code’ fields will automatically appear when 3DS is supported and it is presented by the bank that issues the customer’s card. The bank’s fraud algorithm decides whether to 3DS challenge the cardholder or not. 

3DS is available for Mastercard, Visa and American Express cards but whether it is configured for all cards, and whether a code is required, is at the discretion of the card issuer. 

The card issuer determines whether the card holder is challenged to enter a 3DS code based on various fraud control algorithms. 

TravelPay does not determine whether the card holder is 3DS challenged, does not determine whether the code entered is correct, and does not decide whether the transaction is approved.   


Under no circumstances should you process credit card payments over the phone without sighting the credit card

A cardholder will have to contact their card issuer if they wish to verify that their card requires 3D Secure. 

No – verification codes are one-time only. The card issuing bank will send your customer a new one each time.

Customers should contact their card issuer to determine the reason the payment was declined. 

3DS is available:  

  • on all customer payment pages that are hosted by TravelPay – the URL will contain ‘pay.travelpay.com.au’; and  
  • if your software utilises the TravelPay Payment Plugin integration – this includes VTO, PowerSuite, EventsAir, Lemax and Odysseus.

Integrations that utilise card APIs do not currently support 3DS – this includes the Tramada ‘Pay Now’ invoice customer payment integration.  

3DS is also not available on payment pages that are designed for travel agents to use. E.g. Merchant Payment Portal.  Merchant Payment portal should only be used for processing card payments when a credit card is sighted by consultant processing the transaction.

To ensure 3DS is available, use a payment page that is hosted by TravelPay – the URL will contain ‘pay.travelpay.com.au’. 

3D Secure is also known as Verified by Visa, Mastercard SecureCode and American Express SafeKey.