3 Domain Secure (3DS) is an additional layer of security for online payments where the physical card is not presented to the merchant. The three domains—acquirer, scheme, and issuer—interact with each other using a 3DS protocol where they exchange information and authenticate the transaction, determining if additional input is required by the cardholder that only the cardholder and card issuer will know.

All payment gateways integrated with RMS, including RMS Pay, include two verification methods through the 3DS protocol—frictionless and challenge. Frictionless uses background information to verify the cardholder and transaction without the cardholder needing to verify themselves actively. Challenge occurs when the card issuer has determined that the transaction requires additional verification from the cardholder before completing the transaction. 

When the transaction results in a challenge, the cardholder must supply two-factor verification through an SMS code or personal password determined by the card issuer. The transaction is only confirmed after this verification is successful.

Card issuers use complex security risk assessment and fraud detection algorithms to determine if a transaction requires 3DS input by the cardholder. This two-factor type of verification only applies to card-not-present transactions initiated on the Guest Portal, RMS Internet Booking Engine, or with an RMS Pay By Link.

Transactions initiated in RMS 9+ using a credit card token or the RMS Pay terminal will not require this additional verification step from the cardholder.

This verification process significantly reduces the occurrence of fraudulent transactions, protecting properties from chargebacks due to fraudulent activity and shifting liability to the cardholder.