3D Secure (often called 3DS or 3D Secure 2) is an extra layer of protection for card payments. It helps confirm that the person making the purchase is the rightful cardholder, reducing the risk of fraud.
When paying online with a card that supports 3D Secure, the customer may be asked to verify their identity before the payment is completed.
Not every payment requires this step. Banks often use risk-based checks; if the payment looks low-risk the customer may not be prompted at all.
For customers, 3D Secure means:
A more secure checkout process.
Extra confidence that card details are safe
Sometimes, one quick extra step is needed to complete the purchase
What to Expect with 3D Secure
When your customer pays using a credit or debit card, they may be asked to take one quick extra step before payment goes through.
Here’s what it usually looks like:
Enter card details as normal
Nothing changes in the first step. They'll type in their card number, expiration date, security code, billing address and zip code.The bank may ask to verify the payment
Before presenting any challenge, your customer's bank automatically reviews the transaction in the background. If the payment looks low-risk, for example, it matches the cardholder's normal spending patterns, the bank may approve it without asking your customer to do anything. This is called a frictionless flow.
If the bank wants extra confirmation, it will present your customer with one of the following challenges:
One-Time Passcode (OTP)
Sent via SMS, push notification, or email.
Valid only for that specific transaction - expires within minutes.
Prevents reuse by fraudsters.
Bank Mobile App Push Approval
Shopper gets a notification in their banking app and taps “Approve.”
Often uses device biometrics (Face ID, fingerprint).
Biometric Authentication
Fingerprint, facial recognition, or voice scan, depending on the device.
Security Token
Some banks still offer a physical token or digital generator to produce short-lived codes.
A Note on Unexpected Verification Prompts:
Occasionally, an issuing bank may require 3DS verification even when it wasn't requested. This is normal and can happen at the bank's discretion. If a customer contacts you confused about an unexpected authentication screen during checkout, you can reassure them that this is a legitimate part of the payment process.
It's also worth noting that the verification screen comes directly from the customer's card issuing bank, not from your shop or OmegaPay. If a customer is concerned it could be fraudulent, they can verify this by checking that the page matches their bank's usual branding. Legitimate 3DS prompts will never ask for a full card number or account password.
What if verification fails or doesn't go through?
If a customer is unable to complete the verification step. For example, their one-time passcode (OTP) expired, they didn't receive a push notification, or they closed the authentication screen, the payment will not be completed. This is not something your shop can resolve directly, as the verification is handled entirely by the customer's bank.
In these cases, your customer can:
Try again - one-time passcodes and push notifications can be re-requested by restarting checkout
Contact their bank - if they're repeatedly unable to complete verification, their bank is the right point of contact
Use a different card - if the issue appears to be with a specific card or bank
Once verified, the payment continues
After they complete this step, they'll see the order confirmed and the successful payment will appear in the job autobiography of the invoice.