This article covers the most frequently asked questions about 3D Secure payments with Homhero.
What is 3DS2?
A: 3DS2 (3-D Secure 2) is an additional security layer used when processing online card payments. It helps verify that the person making the payment is the legitimate cardholder, often through a quick authentication step with their bank (such as a one-time code or banking app approval). This helps reduce fraudulent transactions and chargebacks while keeping payments secure.
How does 3DS2 work?
When a payment is made, the cardholder’s bank may request a quick authentication to confirm the identity of the person making the transaction. This may involve entering a one-time passcode, approving the payment in a banking app, or another simple verification method. In many cases, low-risk transactions can be approved automatically without any action from the guest.
How is 3DS2 different from the original 3D Secure?
3DS2 is an updated version of the original 3D Secure protocol (previously known as “Verified by Visa” or “Mastercard SecureCode”). It is designed to provide stronger security while improving the user experience. It supports mobile and in-app payments and uses more transaction data to determine whether authentication is required, allowing many low-risk payments to be processed seamlessly.
Which payment gateways integrated with Homhero support 3DS2?
Currently, Hompay and Merchant Warrior are the only payment gateways integrated with Homhero that support 3D Secure (3DS2) authentication. Other gateways do not yet offer 3DS2 compatibility through Homhero.
How do I enable 3DS2 in Homhero?
3DS2 will need to be activated on your merchant account before this can be enabled in Homhero. Only Homhero Support will be able to activate 3DS2 support.
If I am currently processing payments through Homhero, is 3DS2 already enabled?
3D Secure 2 (3DS2) is a cardholder-present transaction, meaning the guest must initiate the payment by entering their card details at the time of payment for 3DS2 to be applied. Processing stored cards on behalf of the guest does not qualify as 3DS2.
Do I need to send the payment link for the guest to complete the payment with 3D Secure?
To apply 3DS2, please send your guests a payment link so they can settle any outstanding amounts via the Guest Portal. This will trigger the 3DS2 process, transferring the liability from the merchant to the guest in the transaction. You can send payment links to your guests via an automated correspondence schedule or by sending a pre-saved correspondence template.
How does the 3DS Payment Verification work?
1. Initiation: The customer enters their card details on the checkout page.
2. Authentication Prompt: If required, a pop-up appears (or the customer is redirected to their bank’s page) requesting verification.
3. Verification: The customer confirms their identity using a one-time password (OTP) sent via SMS, a password, or a biometric method such as fingerprint or facial recognition.
4. Completion: The bank validates the authentication and, if approved, authorises the transaction and redirects the customer back to the merchant site.
Why is a 3DS pop-up not appearing?
- Frictionless Flow (3DS2): With 3DS2, over 100 data points (such as device ID and location) are shared with the bank. If the transaction is assessed as low risk, it can be approved without prompting the customer.
Risk-Based Assessment: The issuer may only request additional authentication if the transaction appears unusual — for example, a high-value purchase or one made from an unfamiliar location.
Issuer Control: The decision to trigger a challenge ultimately sits with the cardholder’s bank, not the merchant.
Can 3D Secure Payments be made via Homhero?
3DS2 payments can only be processed through the Guest Portal and the New Booking Form, provided the New Booking Form has been enabled for your website.
How can I identify a 3D Secure payment?
A 3D Secure payment will be marked with the '3DS2' payment type. You can view this under Transactions > Payments on the reservation in Homhero.
When 3D Secure is enabled, will all credit card payments be 3D Secure?
No, VCCs (Virtual Credit Cards) and credit cards processed through OTAs (Online Travel Agencies) are not supported by 3D Secure.
Can 3D Secure be enabled on security deposit payments or pre-authorisations made via Homhero?
Yes. 3D Secure (3DS) can be enabled for both security deposit payments and pre-authorisations made through the guest portal, providing an extra layer of authentication for card transactions.
Can we manually charge credit cards after the deposit payment has been taken with 3DS active?
Yes. Once the initial 3DS payment is successfully completed, a secure long-term payment token is stored. This enables future manual charges to be processed without requiring additional authentication steps. The token can be used up until 1 year after it was created, or 14 days after the reservation departure date, whichever is sooner.
Please note: the Strict Enforce toggle must be turned on for this functionality to work correctly.
How is 3DS intended to work?
3D Secure (3DS) is designed to work with Strict Enforce enabled. When this setting is active, every payment must pass a 3DS authentication check, ensuring the transaction is 3DS compliant.
If Strict Enforce is not enabled, some payments may bypass the 3DS check. This can occur if:
- The card used is not 3DS compliant
- The transaction is assessed as low risk and doesn't need a 3DS Check.
To ensure you receive the full security benefits of 3DS, we strongly recommend enabling Strict Enforce.
How does 3DS work with OTAs?
When using 3DS with OTA bookings, it’s important to ensure that payments are processed through a 3DS enabled flow. To achieve this, we recommend enabling the Exclude Auto Charge setting under Booking Sources.
With this setting enabled deposits will not be automatically charged when the reservation drops into Homhero. Instead, you can automate a schedule to the guest for the deposit or balance via the Guest Portal.
When the guest completes the payment through the Guest Portal, the transaction will go through the 3DS authentication check.
Please note: For Booking.com, this process does not apply to VCC (Virtual Credit Cards) or Payments by Booking.com.