3D Secure provides an enhanced level of security for online (e-commerce) payments by adding the possibility to authenticate the cardholder. This a mandatory fallback with a one-time password (OTP) sent by SMS; the card must be enrolled for Out of Band (OOB) authentication first.

Registering the card for 3D Secure requires a mobile phone number. The cardholder then receives a secure code on their mobile phone when an authentication is required for an online payment. This code is unique for each payment and needs to be entered on the merchant's website or mobile application when prompted.

Prior to this step, your must ensure the User was created with a mobile phone number. Otherwise, the User must be updated with a mobile phone number.

Endpoint: /v1/cards/Register3DS

CURL

curl -X POST '{baseUrl}/v1/cards/Register3DS' \
    --header 'Authorization: Bearer {accessToken}' \
    --header 'Content-Type: application/json' \
    -d '{
        "cardId": 123456
    }'

This returns a Card object, but doesn't specify the 3D Secure enrolling status. Treezor also sends a card.register3DS webhook.

Configuration – By default, 3DS SMS are sent under the name "Secure3DS"

You can contact Treezor and provide a new sender name that:

• Contains only alphanumeric characters (no spaces)
• Starts with a letter
• Is less than 12-character long