3DS Authentication

3DS (Three-Domain Secure) lets you perform an intuitive and consumer-friendly authentication process. 3DS adds additional security layers to reduce the fraud avoiding the unauthorized usage of credit cards.

What is 3DS?

3DS (Three-Domain Secure) is a messaging protocol that enables the issuers to authenticate their cardholders during the online shops. This authentication is performed before the transaction is authorized and follows the next flow.

The next infographic explains the authentication flow for 3DS.

John buys a cellphone through an e-commerce shop in his personal computer.

The cellphone shop, which is integrated to the PayU authentication service, wants to verify that John is the one making the purchase, so they send this transaction to authenticate.

Through 3DS communication, the issuer receives the request to authenticate the transaction and begins to review the shared data.

The issuer authenticates the buyer that is making the transaction successfully. Since the risk was low, the authentication was silent without contacting John.

When the transaction involves higher risk, John may receive a simple challenge, such as an OTP sent to his cellphone.

John receives the confirmation of his purchase and later on, he receives the cellphone at home.

3DS Benefits

3DS (Three-Domain Secure) adds additional security layers to reduce the fraud avoiding the unauthorized usage of credit cards, protecting you of chargebacks due to fraud transactions.

Using 3DS, you can have:

  • Higher approval rates, less fraud.
    The exchange of data between merchants and issuers helps to make better authorization decisions and fraud detection. In case of fraud chargebacks, the issuer is the one who has the responsibility with the buyer.

  • Better user experience.
    3DS allows a better integration of the authentication process during the shopping experience of the end user. Reduces the friction with the user in a higher percentage of transactions.

  • Complies with regulations and EMVCo standards.
    Supports a strong customer authentication for issuers, acquirers, and payment services in regulated markets.

3DS Authentication solution

3DS Authentication, available for Brazil and Colombia, is provided via API under two modalities:

  • Pass Through: if you have your own 3DS Authentication service, you can send us the authentication response in the payment request. Under this modality, you are responsible for the integration with an MPI or a 3DS Server.
    The Pass Through is intended for merchants integrated via API to PayU Latam Platform. For more information, contact your sales representative.

  • 2-calls Authentication flow: if you want to authenticate the transaction using PayU, you can integrate through PayU Hub* using the Authentication Service that operates in two calls flow, one call for authentication and other for authorization.

    • To authenticate, you must connect to the PayU Hub, where you will get the authentication response.
    • To authorize, you can chose to go through PayU Latam or PayU Hub.


    The 2-calls Authentication flow is intended for merchants with the following characteristics:

    • Merchants integrated via API to PayU Latam Platform (directly not through partners).
    • Merchants integrated to the PayU Hub processing in Latam countries.
    • Large merchants that want to control their authentication flow and want to decide which transactions to authenticate.
    • Merchants with high-tech resources to make the API integration.

*PayU Hub, is the solution for borderless Payments. With a single API integration, you can process local payments in 18 markets.

When using the 3DS Authentication solution, take into account the following:

  • The authentication service is independent from the authorization service.
  • The authorization must include the authentication response.

Benefits of our solution

When using the Authentication Service featured by PayU Hub (2-calls Authentication flow), you have the following benefits.

  • PayU is connected to a 3DS server (MPI), you don’t need to do it by your own. Less providers & contracts!
  • You control and decide when to authenticate a transaction.
  • No additional costs*. Authentication is a service for free!.
  • If you migrate to the HUB, you can have additional benefits of a global solution.

* The acquirers may charge an authentication cost, if so, this cost will be transferred to you.

How to integrate 3DS?

3DS Authentication is a service available under demand, contact your Key Account Manager to sign the Terms & conditions to enable it.
Depending on the scenario you choose to use the 3DS Authentication, the integration procedure varies.

Pass Through

When you are integrated with an MPI or a 3DS Server, you just need to send us the authentication response in the payment request. Refer to your processing country to see an example of how to send the parameters returned in the response:


2-calls Authentication flow

To integrate with our Authentication service, follow the next steps:

  1. To get started, open an account on the PayU Hub.
    Click here to create one.

  2. Update your integration code. Ask your developers to update their integration code to connect through the PayU Hub.

  3. Test your integration and go live!

Everything else remains the same!.

  • Keep your current offer. You can still offering your current payment methods either from PayU Latam or from PayU Hub.
  • New On boarding process? Hell no! You’re already with us, so there’s nothing else we need.
  • Payments are still handled by the local platforms, so we will make sure that the same data is available for you.
Last modified March 11, 2022: 3DS Authentication: service description updated (b1d6207b)