T228 · Cat-19 · Payment Schemes · 3DS / EMV / SCA

3DS 2.x / EMV 3D Secure Compliance Checker

Assess your 3DS 2.x authentication implementation: frictionless vs. challenge flow decision logic, SCA exemptions (TRA, low-value, trusted beneficiary, recurring), liability shift assessment, and PSD3/SCA jurisdiction compliance. Outputs implementation recommendations and Policy Mandate JSON authentication policy. Client-side. Zero PII.

Zero PII · Client-side

Last Reviewed · 2026-05-12

🔒 All inputs are processed locally in your browser. No data is transmitted. Do not enter real personal data — use synthetic or anonymised inputs only.

Educational Use Only This tool provides a self-assessment / educational framework for internal planning purposes only. It is not a regulatory audit, legal advice, or a substitute for a formal compliance review by a qualified advisor. Verify all interpretations against the official source text and applicable RTS/ITS/guidance published by the relevant authority.

Authentication Profile

Regulatory Jurisdiction

Transaction Type

Transaction Amount (EUR / local currency)

3DS Version Implemented

Authentication Flow

SCA Exemption Claimed (if any) SCA exemptions shift liability to the PSP requesting the exemption

Issuer / Acquirer Fraud Rate (bps) EBA RTS Article 18 — fraud rate thresholds for TRA exemption

Liability Shift Achieved ECI 05 = Visa authenticated; ECI 02 = MC authenticated

Soft Decline Handling

3DS Authentication Assessment

Regulatory Citations

[1] EMVCo, EMV 3-D Secure Specification v2.3.1, 2023
[2] European Banking Authority, RTS on Strong Customer Authentication (PSD2), 2018
[3] European Commission, PSD3 Proposal, June 2023 — expected transposition 2026
[4] FCA, Strong Customer Authentication requirements (UK), effective March 2022
[5] Visa, Visa Secure / 3DS 2.x Implementation Guide, 2024
[6] Mastercard, Identity Check / EMV 3DS Implementation Guide, 2024

About This Tool

This tool assesses 3DS 2.x (EMV 3D Secure) authentication implementations against PSD2 SCA requirements (EBA RTS), draft PSD3, FCA UK SCA rules, and card scheme requirements. It evaluates frictionless vs. challenge flow eligibility, SCA exemption applicability and conditions, liability shift status (ECI codes), and soft decline handling.

PSD3 note: The European Commission PSD3 proposal (June 2023) broadens SCA requirements and introduces open banking authentication changes. PSD3 transposition into national law is expected in 2026. This tool reflects the proposed PSD3 framework for planning purposes.

⚠ This tool provides compliance guidance only. SCA requirements are jurisdiction-specific and subject to change. Consult your PSP, acquirer, and legal counsel for definitive SCA compliance advice. Client-side. Zero PII.