3ds_url returned in webhooks.
Encryption: securing data in transit and at rest
Every card transaction on Hello Clever is protected by end-to-end encryption from the moment card data is entered through to confirmation and storage.- Encryption in transit: card information is encrypted the instant it is entered, preventing interception during transmission.
- Encryption at rest: stored card data remains encrypted and shielded from unauthorised access, so a breach of storage does not expose raw card numbers.
Card tokenisation
Hello Clever replaces sensitive card data with a randomly generated token that is meaningless outside Hello Clever’s secure environment. The original card details are never directly stored or transmitted after the initial capture.Secure repeat payments
Tokenisation enables subscriptions and repeat billing without requiring customers to re-enter card details on every transaction.
Reduced breach risk
Because the token has no value outside Hello Clever’s system, a data breach cannot expose usable card information.
PCI compliance alignment
Hello Clever follows PCI-DSS (Payment Card Industry Data Security Standard) guidelines across encryption, access control, and data protection. The platform is built to align with PCI protocols, and Hello Clever conducts regular security reviews to assess and maintain compliance with evolving PCI requirements.Hello Clever is actively working toward full PCI-DSS certification. In the interim, all card handling practices are designed to align with PCI guidelines, providing a high level of security for your customers’ card data.
3D Secure 2 (3DS2)
3D Secure 2 is an authentication protocol developed by major card networks to verify the cardholder’s identity before an online transaction is processed. Hello Clever integrates 3DS2 into its payment gateway, applying it dynamically based on a real-time risk assessment of each transaction.How the 3DS2 flow works
1
Transaction analysis
When a customer initiates a card payment, 3DS2 assesses the risk level in real time. Factors evaluated include transaction amount, device fingerprint, geolocation, and purchase history.
2
Frictionless authentication
If the transaction is assessed as low-risk, authentication is completed silently in the background. The customer sees no additional step and the payment proceeds normally.
3
Challenge authentication (if required)
For higher-risk transactions, the customer is prompted to complete an additional verification step. This may include:
- A one-time password (OTP) sent to their registered mobile number
- Biometric authentication (fingerprint or facial recognition)
4
Completion and confirmation
Once authentication is complete, the transaction is processed and both the customer and your business receive immediate confirmation.
Handling the 3ds_url in webhooks
When a card transaction requires 3DS2 authentication, Hello Clever returns a3ds_url in the transaction webhook payload. You must redirect the customer’s browser to this URL to complete the authentication challenge.
3ds_url, Hello Clever sends a follow-up webhook with the final transaction status (succeeded or failed).
Benefits of 3DS2 for your business
Reduced fraud and chargebacks
Reduced fraud and chargebacks
Verifying the cardholder’s identity before processing the transaction significantly reduces fraudulent activity and the resulting chargebacks, protecting your revenue.
Higher conversion rates
Higher conversion rates
The frictionless flow allows low-risk transactions to proceed without any customer involvement, reducing cart abandonment compared to older 3DS implementations.
Compliance with security standards
Compliance with security standards
3DS2 aligns with PSD2 requirements in Europe and meets the latest payment security regulations, keeping your business compliant with regional mandates.
Improved customer confidence
Improved customer confidence
Customers increasingly expect strong authentication for online payments. Knowing 3DS2 is in place reassures them that your business prioritises their security.