This article covers the most frequently asked questions about 3D Secure payments with Homhero.
What is 3DS2?
3DS2 (3D Secure 2) is an updated version of the original 3D Secure protocol designed to make online payments more secure and seamless. It adds an extra layer of authentication during the checkout process to help reduce fraud and protect cardholders.
Unlike the original 3DS (often known as “Verified by Visa” or “Mastercard SecureCode”), 3DS2 supports mobile and in-app payments, offers a better user experience, and uses more data to determine whether authentication is needed — often allowing low-risk transactions to go through without any customer action.
Which payment gateways integrated with Homhero support 3DS2?
Currently, Merchant Warrior is the only payment gateway integrated with Homhero that supports 3D Secure (3DS2) authentication. Other gateways do not yet offer 3DS2 compatibility through Homhero.
How do I enable 3DS2 for Merchant Warrior in Homhero?
3DS2 will need to be activated on your merchant account with Merchant Warrior before this can be enabled in Homhero. Only Homhero Support will be able to activate 3DS2 support.
If I am currently processing payments through Homhero, is 3DS2 already enabled?
3D Secure 2 (3DS2) is a cardholder-present transaction, meaning the guest must initiate the payment by entering their card details at the time of payment for 3DS2 to be applied. Processing stored cards on behalf of the guest does not qualify as 3DS2.
Do I need to send the payment link for the guest to complete the payment with 3D Secure?
To apply 3DS2, please send your guests a payment link so they can settle any outstanding amounts via the Guest Portal. This will trigger the 3DS2 process, transferring the liability from the merchant to the guest in the transaction. You can send payment links to your guests via an automated correspondence schedule or by sending a pre-saved correspondence template.
How does the 3DS Payment Verification work?
1. Initiation: The customer enters their card details on the checkout page.
2. Authentication Prompt: If required, a pop-up appears (or the customer is redirected to their bank’s page) requesting verification.
3. Verification: The customer confirms their identity using a one-time password (OTP) sent via SMS, a password, or a biometric method such as fingerprint or facial recognition.
4. Completion: The bank validates the authentication and, if approved, authorises the transaction and redirects the customer back to the merchant site.
Why is a 3DS pop-up not appearing?
- Frictionless Flow (3DS2): With 3DS2, over 100 data points (such as device ID and location) are shared with the bank. If the transaction is assessed as low risk, it can be approved without prompting the customer.
Risk-Based Assessment: The issuer may only request additional authentication if the transaction appears unusual — for example, a high-value purchase or one made from an unfamiliar location.
Issuer Control: The decision to trigger a challenge ultimately sits with the cardholder’s bank, not the merchant.
Can 3D Secure Payments be made via Homhero?
3DS2 payments can only be processed through the Guest Portal and the New Booking Form, provided the New Booking Form has been enabled for your website.
How can I identify a 3D Secure payment?
A 3D Secure payment will be marked with the '3DS2' payment type. You can view this under Transactions > Payments on the reservation in Homhero.
When 3D Secure is enabled, will all credit card payments be 3D Secure?
No, VCCs (Virtual Credit Cards) and credit cards processed through OTAs (Online Travel Agencies) are not supported by 3D Secure.
Can 3D Secure be enabled on security deposit payments or pre-authorisations made via Homhero?
Yes. 3D Secure (3DS) can be enabled for both security deposit payments and pre-authorisations made through the guest portal, providing an extra layer of authentication for card transactions.
Can we manually charge credit cards after the deposit payment has been taken with 3DS active?
Yes. Once the initial 3DS payment is successfully completed, a secure long-term payment token is stored. This enables future manual charges to be processed without requiring additional authentication steps. The token can be used up until 1 year after it was created, or 14 days after the reservation departure date, whichever is sooner.
Please note: the Strict Enforce toggle must be turned on for this functionality to work correctly.