27 Enrolling your cards in 3D Secure

You can enrol your cards in 3D Secure using either the Thredd 3D Secure Enrolment Thredd API (using SOAP) or the Cards API (using REST). Your request must include the Thredd public token and the authentication type to use during authentication for this card (e.g., BIOMETRIC) and the value. For OTP SMS, you need to provide the mobile number as the value. For the Biometric authentication, the value is for your reference only. See Using the Card Enrolment API.

Thredd also provides an auto-enrolment option, which can be triggered either as a bulk update on all your existing cards not yet enrolled or can be triggered at the time when you create a new card. See Card Auto Enrolment.

Thredd saves the card enrolment record in our database.

27.1 Card Auto Enrolment

If you are upgrading existing cards to 3D Secure, Thredd can automatically enrol all your cards1 auto-enrolment includes cards created (in active, non-active or temporary blocked status), but excluded cards that are expired or permanently blocked. in the Apata 3D Secure service: you can request auto-enrolment by specifying the authorisation types to auto-enrol on your 3DS Product Setup Form (PSF). See Completing your 3DS Product Setup Form.

Auto-enrol options include:

• None — there is no auto-enrolment. You will need to do this using either Thredd API or Cards API; see Using the Card Enrolment API.

• Initial load — Thredd creates the authentication type credentials (e.g., OTP SMS or BIOMETRIC) for all existing cards. For OTP SMS, Thredd uses the phone number linked to the card (i.e., the phone number supplied when the card was created or updated). This is done as a single bulk update; adding credentials for any future new cards or applying any changes to credentials for existing cards must be done using using either Thredd APIs or Cards API; see Using the Card Enrolment API

• Continuous — same as Initial load, however any future cards created (using the Card Create Thredd API or Card Create Cards API) will also have their credentials automatically registered for 3D Secure in the same way. Applying any changes to credentials for existing cards must be done using using either Thredd APIs or Cards API; see Using the Card Enrolment API.

Continuous auto-enrolment is not recommended if you have live or active cards within a Product or BIN range which will need to be unenrolled or do not need 3D Secure.

Thredd auto-enrols the cards in the default main and fallback authentication methods. Auto-enrolment is available for OTP SMS, OTP Email, Out of Band (OOB) and Biometric authentication methods. Where a fallback method is not in use, the cards are enrolled to the default method only.

For OTP SMS, Thredd auto-enrols using the mobile number linked to the card as the number for sending the SMS message to the cardholder during an SMS OTP authentication session.

To use this option, you must first have set up the default main and fallback authentication types on your 3DS Product Setup Form. See Completing your 3DS Product Setup Form.

27.2 Card Unenrollment

For cards that have been enrolled manually or auto-enrolled using the Initial Load option, you can un-enroll the card if required by deleting the credentials linked to the card (using Thredd's 3DS Wed Services or the Cards API).