Card payment security is central to Hello Clever’s approach to building merchant trust. This page covers the full security stack applied to card transactions on the Hello Clever platform: end-to-end encryption, card tokenisation, PCI compliance alignment, and 3D Secure 2 (3DS2) authentication, including when 3DS2 is triggered, what the authentication flow looks like, and how to handle the 3ds_url returned in webhooks.

Encryption: securing data in transit and at rest

Every card transaction on Hello Clever is protected by end-to-end encryption from the moment card data is entered through to confirmation and storage.
  • Encryption in transit: card information is encrypted the instant it is entered, preventing interception during transmission.
  • Encryption at rest: stored card data remains encrypted and shielded from unauthorised access, so a breach of storage does not expose raw card numbers.

Card tokenisation

Hello Clever replaces sensitive card data with a randomly generated token that is meaningless outside Hello Clever’s secure environment. The original card details are never directly stored or transmitted after the initial capture.

Secure repeat payments

Tokenisation enables subscriptions and repeat billing without requiring customers to re-enter card details on every transaction.

Reduced breach risk

Because the token has no value outside Hello Clever’s system, a data breach cannot expose usable card information.

PCI compliance alignment

Hello Clever follows PCI-DSS (Payment Card Industry Data Security Standard) guidelines across encryption, access control, and data protection. The platform is built to align with PCI protocols, and Hello Clever conducts regular security reviews to assess and maintain compliance with evolving PCI requirements.
Hello Clever is actively working toward full PCI-DSS certification. In the interim, all card handling practices are designed to align with PCI guidelines, providing a high level of security for your customers’ card data.

3D Secure 2 (3DS2)

3D Secure 2 is an authentication protocol developed by major card networks to verify the cardholder’s identity before an online transaction is processed. Hello Clever integrates 3DS2 into its payment gateway, applying it dynamically based on a real-time risk assessment of each transaction.

How the 3DS2 flow works

1

Transaction analysis

When a customer initiates a card payment, 3DS2 assesses the risk level in real time. Factors evaluated include transaction amount, device fingerprint, geolocation, and purchase history.
2

Frictionless authentication

If the transaction is assessed as low-risk, authentication is completed silently in the background. The customer sees no additional step and the payment proceeds normally.
3

Challenge authentication (if required)

For higher-risk transactions, the customer is prompted to complete an additional verification step. This may include:
  • A one-time password (OTP) sent to their registered mobile number
  • Biometric authentication (fingerprint or facial recognition)
This confirms the authorised cardholder is making the payment.
4

Completion and confirmation

Once authentication is complete, the transaction is processed and both the customer and your business receive immediate confirmation.

Handling the 3ds_url in webhooks

When a card transaction requires 3DS2 authentication, Hello Clever returns a 3ds_url in the transaction webhook payload. You must redirect the customer’s browser to this URL to complete the authentication challenge.
If you do not redirect the customer to the 3ds_url, the transaction will not complete. Ensure your webhook handler detects the requires_action status and initiates the redirect immediately.
After the customer completes authentication at the 3ds_url, Hello Clever sends a follow-up webhook with the final transaction status (succeeded or failed).

Benefits of 3DS2 for your business

Verifying the cardholder’s identity before processing the transaction significantly reduces fraudulent activity and the resulting chargebacks, protecting your revenue.
The frictionless flow allows low-risk transactions to proceed without any customer involvement, reducing cart abandonment compared to older 3DS implementations.
3DS2 aligns with PSD2 requirements in Europe and meets the latest payment security regulations, keeping your business compliant with regional mandates.
Customers increasingly expect strong authentication for online payments. Knowing 3DS2 is in place reassures them that your business prioritises their security.

How Hello Clever’s card security benefits your business