Introducing Evervault 3D-Secure – refreshingly modular and performant

At Evervault, our mission is to make world-class data security effortless. To do this, it’s important that we unblock – and even enhance – all of the core operations that businesses need to perform on their sensitive data. We’re excited to introduce our newest product, 3D-Secure.

For context, we launched our payments security platform in May to give companies flexibility over their own payment card data. This means they can easily work with any number of third-party payment processors or service providers — avoiding vendor lock-in, maximizing payment margins, and improving global coverage. We provide the best tools to manage the security & compliance of your payment stack, while staying processor agnostic.

After working closely with our customers on their payment infrastructure, it became clear that there were a limited number of 3D-Secure options that were both high-quality and unbundled from payment processors.

In response, we’re launching our newest product, 3D-Secure, to bring Evervault’s leading security and design principles to one of the fundamental payment industry standards – 3DS. 

What is 3D-Secure?

3D-Secure (3DS) is a security protocol created in 2001 to authenticate online card transactions, and ensures merchants and acquirers comply with SCA and PSD2 regulations. It verifies that the person making the purchase is the legitimate cardholder. A significant benefit of 3D-Secure is that it shifts chargeback liability from the acquirer to the issuer — a huge advantage to high-risk merchants. In many regions, including the EU, Australia, India, and Japan, 3DS is now mandatory for certain transactions.

Many of us have seen the typical 3D-Secure flow — after you purchase an item online, you’re redirected to a page from your bank asking you to authenticate the payment. You’ll then receive something like a one-time passcode, or a push notification from your banking app asking you to approve the payment. This greatly reduces fraud risk, as the issuers can verify that the payment was legitimately created by the consumer.

While 3D-Secure sounds like a no-brainer, it can sometimes come at the cost of lower conversion rates because of the added friction in the checkout process. 3DS version 2.0 (released in 2016) introduced frictionless authentication, allowing banks to authenticate payments invisibly without the need for user intervention.

The challenges implementing with traditional 3D-Secure

Implementing 3D-Secure yourself is complex, resource intensive and costly, which is why it’s typically managed by the payment processors. Standalones offerings are rare, complex to integrate, and unreliable due to the high barrier to building and launching an EMVCo-approved 3D Secure Server product (a process that involves attesting your compliance with the PCI 3DS standard, getting certified and approved from testing labs and EMVCo, and building direct integrations with each of the card scheme).

This means most merchants end up stuck with either legacy providers, or managing different 3D Secure flows across multiple processors, resulting in fragmented user experiences and huge technical complexity. Existing universal 3DS solutions from PSPs (like Visa's CardinalCommerce) are expensive, they require large minimum commits, and lead to conflicts of interest—as they also want to win your payment processing business alongside your 3DS volume.

Introducing the Evervault 3D-Secure API

Evervault 3D-Secure

Today, we're launching the Evervault 3D Secure API—a universal API for 3DS authentication that works independently of your payment processor. Our API is built for developers with our leading security and design principles. It’s easy to integrate, highly reliable and distills the 3DS authentication process into two simple steps:

1. Creating a 3DS session from the backend
2. Using our client-side SDKs to handle challenge flows, fingerprinting, and redirects.

After a successful 3D-Secure authentication, you get a raw 3DS cryptogram and Electronic Commerce Indicator (ECI) value, which can be shared with any PSP or third party. It’s built for low latency and high throughput use cases, with a smooth user experience designed to maximize conversion rates.

Code snippet

We’ve already seen success with customers like Duffel, a global travel booking platform that uses our 3D-Secure API to meet regulatory requirements and scale globally without complexity.

The Evervault 3D Secure API is available now, book a demo with our team or check out our documentation here to get started.