Data-Only 3D Secure Guide

Data-Only 3D Secure is an EMV 3DS message flow that allows you to share rich transaction and device data with the issuer without performing cardholder authentication. This keeps the checkout experience fully frictionless while helping issuers make better authorization decisions.

Instead of running a full 3D Secure authentication (frictionless or challenge), Data-Only uses the 3DS protocol as a standardized way to send transaction context (for example device and order data) to the issuer. No challenge is triggered and the shopper is not redirected.

Important: Data-Only is not a full 3D Secure authentication. It does not satisfy SCA requirements and does not provide liability shift.

Visa DCAP and Mastercard IDCI

Visa DCAP (Digital Commerce Authentication Program) is Visa’s data-sharing program built on Data-Only 3DS. It standardizes high-quality data sharing and may provide financial incentives (for example interchange-related incentives) for participating merchants.

Mastercard IDCI (Identity Check Insights) is Mastercard’s Data-Only capability. IDCI transactions stop at the Mastercard Directory Server and Mastercard provides risk insights that can be used during authorization.

Why use Data-Only?

Higher conversion

Richer transaction data allows issuers to make better authorization decisions, reducing false declines while keeping checkout fully frictionless—no challenge, no interruption.

Stronger risk insights

Data‑Only delivers consistent, high‑quality risk data to issuers, supporting more accurate fraud detection and helping separate good customers from real fraud.

Easy to adopt

No new user flows, no customer impact. Data‑Only simply makes smarter use of existing data and EMV 3DS rails, allowing merchants to benefit without redesigning their checkout.

Data-Only vs Full 3DS

Aspect	Data-Only 3DS	Full 3DS
Cardholder authentication	No	Yes
Customer challenge	Never	Risk-based
Checkout friction	None	Yes (when the cardholder is challenged)
Liability shift	No	Yes (when the authentication is successful)
SCA / PSD2 compliance	No	Yes
Primary purpose	Improve authorization decisions	Fraud protection, liability shift and regulation

When to use Data-Only

Data-Only is most relevant in regions where full 3D Secure authentication is not mandated (for example North America). In PSD2-regulated markets, Data-Only does not satisfy SCA requirements and should not be used as a substitute for full 3DS.

How to use it in Payments Orchestration Platform

The platform supports a configuration-driven approach where you can decide whether to prioritize full 3DS or Data-Only, and optionally configure a fallback to the other mode. This allows you to align authentication behavior with regional requirements and risk strategy without complex integration changes.

Tip: Use full 3DS when you need SCA compliance or liability shift. Use Data-Only where you want frictionless checkout and issuer insights without authentication.

Force Data-Only per transaction

To explicitly force Data-Only behavior on a transaction, send the parameter threeDSecure.dataOnly=true.

Important: Forcing Data-Only disables liability shift and does not provide SCA compliance.

Related pages: 3D Secure Guide · Frictionless Guide · Liability Shift Guide