3D Secure is a system implemented by both VISA and Mastercard in many places in the world. It’s a system that is meant to add a later of authentication to the transaction, and also transfer liability from the merchant to the customer. That last point is a bit problematic. I’ve seen customers able to charge back their transaction, even with a order that has gone through 3D secure, so liability shift isn’t a given. Make no mistake, it’s worth having, but it’s worth keeping an eye on it too.
Another area worthy of looking closely at is the status of the transaction. Credit card gateways seem to love adding complexity to their systems, so you’ll find transactions that have been pre-authorized, authorized but not charged, tagged as potentially fraud, if you have address checking enabled you’ll find all sorts of inconsistencies. Expiry/CVC failures are common too. Mostly these are simply mistakes.
Finally, a card gateway should be able to handle brief communication interruptions. If there are any network issues during the payment status callback to your server, the customer has paid and your system hasn’t been updated. The credit card gateway should continue to try to update your server until it succeeds. Only a few gateways implement this, leading to customer frustration and increased support staff costs.
If any of this sounds familiar and you think I can help, please contact me.