We’re excited to unveil a powerful addition to PCI Proxy: Merchant-Initiated Authentications, also known as Requestor-Initiated Authentications (3RI). This feature, baked into the EMV 3DS v2.2 protocol, empowers merchants to streamline complex payment workflows securely and effortlessly. Tailored for asynchronous, multi-party transactions, 3RI lets merchants authenticate payments effortlessly without cardholder intervention.

In this post, we’ll unpack 3RI’s mechanics, trace its evolution, showcase real-world wins, and detail how PCI Proxy makes implementation a no-brainer. Let’s dive in.

From EMV 3DS v2.1 to v2.2: The Rise of 3RI

The shift from EMV 3DS v2.1 to v2.2 marks a pivotal moment in payment security. While v2.1 introduced 3RI as an option, v2.2 elevates it to a core feature, driven by mandates from schemes like Visa for merchant-initiated scenarios. Why the spotlight? 3RI enables merchants to trigger authentications post an initial cardholder-present 3DS handshake, leveraging issuer-approved data for subsequent transactions. It’s a response to the rise of complex e-commerce workflows—think split payments or recurring charges—where traditional 3DS falls short.

Decoding 3RI: Split the Payment, Retain the Authentication

Merchant-Initiated 3DS Authentication (3RI) is a 3D Secure extension that lets merchants initiate authentication requests after an initial cardholder-authenticated session. Unlike cardholder-present 3DS, where users input OTPs or biometrics, 3RI operates in the background.

Here’s the tech breakdown:

• ‍Initial Authentication: A cardholder completes a 3DS v2.2 authentication (e.g., challenge or frictionless flow).

• ‍3RI Trigger: The merchant uses the resulting Authentication Value (AV) and Transaction ID to initiate subsequent authentications, passing the 3RI Indicator (e.g., "02" for recurring, "05" for split) to the issuer via the acquirer.

• ‍Issuer Validation: The issuer verifies the 3RI request against the original 3DS data, approving without cardholder input—reducing friction and declines.

‍Key Use Cases of 3RI

• Re-Authentication: A previous authentication has expired, a card issuer requires fresh authentication, or there is a change in the transaction risk profile—requiring the merchant to perform a new authentication.

• Partial Split Shipments: A retailer ships items separately as stock becomes available, charging for each shipment individually. Example: Charge €50, €30, and €20 as items ship separately.

• Multi-Merchant Bookings: A travel agency books flights, hotels, and tours with one upfront authentication, then splits payments across vendors. Example: Split €1,000 across vendors (e.g., €400 flight, €600 hotel).

• Unknown Final Amounts: A car rental company pre-authenticates a base fee, later adding charges for extras like fuel or late returns. Example: Pre-auth €100, later adjust to €130 for extras.

• Re-Authorizations: A merchant refunds a canceled item but re-charges for the remaining order. Example: Refund €50, re-auth €950 for the rest.

3RI in Action: The Multi-Vendor Luxury Travel Agency

Meet Anthony, founder of DreamScape Travel, a boutique agency crafting luxurious vacation packages. One client, Maria Delgado, booked a €4,000 Santorini honeymoon: flights, a cliffside hotel, and a sunset cruise. Sounds dreamy, right?

Before 3RI, Anthony juggled a mess of vendor payments. As a facilitator—not the merchant of record—he shared guests’ reservation and card details with each vendor. Without authentication, declines piled up. Vendors often sent separate payment links, leading to confusion. Frustration brewed on all sides.

Determined to provide a better experience, Anthony implemented a standalone 3DS solution providing 3RI capabilities. When Maria booked her honeymoon, DreamScape authenticated the full amount of €4,000. Once authenticated, Anthony then used 3RI to divvy it up: €1,800 to the airline, €1,500 to the hotel and €700 to the cruise operator. Each 3RI result, along with the reservation and payment details, was shared with the vendors. As a result, each vendor—the airline, hotel, and cruise operator—was able to charge its portion of the package without authenticating Maria an additional time or receiving a decline during authorization.

Maria sipped champagne under a Santorini sunset, blissfully unaware of the payment magic. Anthony? He’d turned chaos into a seamless, trust-building process—thanks to 3RI.

How PCI Proxy Supercharges 3RI

At PCI Proxy, we’ve engineered 3RI to be as painless as it is powerful. Our platform integrates seamlessly into your workflows, handling split payments, multi-vendor setups or re-authentications with precision and more. With robust 3D Secure (3DS) capabilities, we ensure secure, frictionless authentication that meets the highest industry standards. PCI Proxy is certified for all major card brands—Visa, Mastercard, American Express, and more—giving you the flexibility to process authentications confidently across the board.

Ready to Use Merchant-Initiated Authentications?

Check out our 3RI documentation and start streamlining today.