Guides
API Reference
Start typing to search…

3D Secure Fallback

3-D Secure Fallback

Despite the evolution of EMV 3-D Secure v2.x, real-life conditions can impact authentication flows. Failures may occur at different stages — from the 3DS Server to the Issuer ACS — and fallback mechanisms must be in place to minimize disruption and reduce transaction abandonment.

When and Why Fallback Happens

3-D Secure fallback is triggered when authentication cannot be completed due to infrastructure issues across the 3-D Secure ecosystem. In such cases, fallback relies on specific authorization messaging formats defined by EMVCo and supported by Schemes and Issuers. Based on this message, the Issuer may accept or decline the transaction following their Transaction Risk Analysis — commonly resulting in a soft decline.

Fallback Scenarios

1. 3-D Secure Server Failure

If your 3rd party 3DS Server or PSP 3DS Server is down:

  • Authentication cannot be initiated.
  • The transaction is likely to be soft declined.
  • Route the transaction through another 3DS partner.

Actively monitoring 3DS Server availability and dynamically switching to a different partner is a critical feature.

2. Scheme Directory Server Timeout

If a timeout occurs between the 3DS Server and the Directory Server (Authentication Request 2.1):

  • EMVCo allows a fallback authorization message.
  • The Issuer can accept or soft decline based on TRA.

For co-branded cards:

  • The Directory Server locks the transaction path.
  • EU REGULATION 2015/751 prohibits switching schemes mid-transaction.
  • A transaction authenticated on one scheme shouldn’t be authorized on another — even during an outage.

Actively monitoring DS availability and dynamically switching to a different scheme (on eligible cards) or PSP is a critical feature.

3. Issuer ACS or Out-of-Band Authentication Failure

If a timeout occurs between the DS and the ACS during Authentication Request (step 2.2):

  • Schemes and Issuers use a defined fallback authorization message.
  • The Issuer may accept or soft decline the transaction based on TRA.

If the issue occurs after step 2.2 (e.g., during Out-of-Band Authentication):

  • No automated fallback is available.
  • Manual agreement between the Issuer and Scheme is required to proceed.
  • The Issuer can still accept or soft decline based on TRA.

Monitoring the success rate of 3DS Authentication and raising alerts to the Merchant, PSP, and Scheme when deviations occur is a critical feature.

Warning

If your PSP hasn’t upgraded to at least 3-D Secure v2.1+ (and CB2A 1.5 or better 1.6 for France), your only fallback option will be using a non-3DS flow — with a high risk of issuer declines.

Updated 3 months ago