> For the complete documentation index, see [llms.txt](https://docs.hyperswitch.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.hyperswitch.io/integrations/prism/api-reference/payment-method-authentication-service.md). # Payment Method Authentication Service Overview ## Overview The Payment Method Authentication Service manages 3D Secure (3DS) authentication flows for card payments. It verifies cardholder identity through frictionless or challenge-based authentication to reduce fraud liability while maintaining a smooth checkout experience. **Business Use Cases:** * **Fraud prevention** - Verify cardholder identity for high-risk transactions * **SCA compliance** - Meet Strong Customer Authentication requirements (EU) * **Liability shift** - Transfer fraud liability to the issuing bank * **Risk-based authentication** - Skip authentication for low-risk transactions The service supports the complete 3DS flow: pre-authentication (device data collection), authentication (challenge or frictionless), and post-authentication (result validation). ## Operations | Operation | Description | Use When | | ------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------- | | [`PreAuthenticate`](/integrations/prism/api-reference/payment-method-authentication-service/pre-authenticate.md) | Initiate 3DS flow before payment authorization. Collects device data and prepares authentication context for frictionless or challenge-based verification. | Starting a 3DS authentication flow | | [`Authenticate`](/integrations/prism/api-reference/payment-method-authentication-service/authenticate.md) | Execute 3DS challenge or frictionless verification. Authenticates customer via bank challenge or behind-the-scenes verification for fraud prevention. | Customer needs to complete 3DS challenge | | [`PostAuthenticate`](/integrations/prism/api-reference/payment-method-authentication-service/post-authenticate.md) | Validate authentication results with the issuing bank. Processes bank's authentication decision to determine if payment can proceed. | Verifying 3DS completion before payment | ## Common Patterns ### Frictionless 3DS Flow Low-risk transactions pass authentication without customer interaction. ```mermaid sequenceDiagram participant Customer as Customer participant App as Your App participant CS as Connector Service participant PP as Payment Provider participant Bank as Issuing Bank Note over Customer: Customer enters card details Customer->>App: Submit payment App->>CS: 1. PreAuthenticate CS->>PP: Initialize 3DS session PP->>Bank: Request authentication Bank-->>PP: Frictionless authentication (low risk) PP-->>CS: Return authentication data CS-->>App: Return auth data (no challenge) Note over App: Authentication complete App->>CS: 2. Authorize (with auth data) CS->>PP: Process payment PP-->>CS: Return authorization CS-->>App: Return connector_transaction_id (AUTHORIZED) ``` **Flow Explanation:** 1. **PreAuthenticate** - After the customer enters their card details, call this RPC to initiate 3DS. The connector sends device data, transaction amount, and merchant info to the issuing bank. For low-risk transactions (based on amount, device fingerprint, merchant history), the bank approves frictionlessly. 2. **Authorize payment** - If frictionless authentication succeeds, the response includes authentication data (ECI, CAVV values). Pass this to the Payment Service's `Authorize` RPC. The liability for fraud shifts to the issuing bank. *** ### Challenge-Based 3DS Flow High-risk transactions require customer verification through bank challenge. ```mermaid sequenceDiagram participant Customer as Customer participant App as Your App participant CS as Connector Service participant PP as Payment Provider participant Bank as Issuing Bank Note over Customer: Customer enters card details Customer->>App: Submit payment App->>CS: 1. PreAuthenticate CS->>PP: Initialize 3DS session PP->>Bank: Request authentication Bank-->>PP: Challenge required (high risk) PP-->>CS: Return challenge URL CS-->>App: Return redirection_data App->>Customer: Redirect to bank challenge page Customer->>Bank: Enter OTP/password Bank->>Bank: Verify credentials Bank->>App: Redirect back with result App->>CS: 2. PostAuthenticate (with result) CS->>PP: Validate authentication PP-->>CS: Return validation CS-->>App: Return auth confirmation Note over App: Authentication complete App->>CS: 3. Authorize (with auth data) CS->>PP: Process payment PP-->>CS: Return authorization CS-->>App: Return connector_transaction_id (AUTHORIZED) ``` **Flow Explanation:** 1. **PreAuthenticate** - Initiate 3DS authentication. For high-risk transactions, the bank responds that a challenge is required. The response includes `redirection_data` with a URL to the bank's challenge page. 2. **Customer challenge** - Redirect the customer to the bank's challenge page where they enter an OTP sent to their phone, answer a security question, or provide a password. After verification, the bank redirects back to your app. 3. **PostAuthenticate** - After the customer returns from the challenge, call this RPC with the authentication result data. The connector validates the result with the bank and confirms authentication success. 4. **Authorize payment** - With successful 3DS authentication, call the Payment Service's `Authorize` RPC including the authentication data. The payment proceeds with liability protection. *** ## 3DS Decision Factors Banks consider these factors for frictionless vs challenge: | Factor | Low Risk (Frictionless) | High Risk (Challenge) | | ---------------------- | ----------------------- | --------------------- | | **Transaction amount** | Small amounts | Large amounts | | **Device fingerprint** | Known device | New/unknown device | | **Merchant history** | Established merchant | New merchant | | **Customer history** | Repeat customer | First-time customer | | **Location** | Home country | Foreign country | | **Time** | Normal hours | Unusual hours | ## Next Steps * [Payment Service](/integrations/prism/api-reference/payment-service.md) - Process payments after 3DS * [Merchant Authentication Service](/integrations/prism/api-reference/merchant-authentication-service.md) - Create authentication sessions --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.hyperswitch.io/integrations/prism/api-reference/payment-method-authentication-service.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.