About 3D Secure or OTPs
Have you ever wondered how an OTP works? Here you’ll find everything you need about 3D Secure and how they affect Sunlight in one place.
Fabiola Rodríguez avatar
Written by Fabiola Rodríguez
Updated over a week ago

What’s 3D Secure?

3D Secure is a security protocol that was created to reduce fraud and provide a layer of security to online payments.

This is why when you buy over the internet, you’re normally required to enter your card details to complete a payment, and then are redirected to another page to provide an OTP or authentication code to approve the purchase.

What’s new about it?

Given there are still providers who have not implemented this, banks started in August 2021 to progressively decline the transactions on their websites as a mechanism to enforce compliance.

Moreover, due to a recent European requirement known as Strong Customer Authentication (SCA), providers will have to offer at least an additional layer of security, aka Two-Factor Authentication (2FA), in the case of high-risk transactions starting 2021.

What does this mean for Sunlight?

These requirements have an inevitable impact on your Sunlight purchases, but no worries, we’ve got your back! Here’s everything you need to know about the measures we’re taking to become compliant and reduce any frictions that may arise.

We've added an extra step to our request process before making your card available, so that you can receive the authorization codes when making a purchase. The good news is that you'll only need to register your number once!

How will this look?

On the sixth step of our request process, you'll be asked to register your phone number in order for your card to work correctly. Once you've added your number, just click on the green button to place your request and voilà!

If you prefer to go for it before placing any order, or have your phone number already registered on Sunlight but you need to update it, you’d simply have to visit the settings of your profile, set up or edit your phone number, and click on Submit to save it. For more details, you can also check our article Changing your personal details.

What happens to any orders created before this was enabled?

When you open your order to try to use your card, you'll see a small pop-up box where you'll be able to add your number.

Once again, this will only happen once, provided that you do not have your phone number registered on your Sunlight profile. If you've done it the first time, the option to register the number will not appear again.

Reporting soft declines in case of non-compliant providers

We’ll be making some tweaks in our portal and email notifications to inform you when a card decline is due to non-compliant providers. This way, you’ll know what to do next!

How will this look?

The request associated with your card decline will display the description PSD2 Soft decline on its left-hand side changelog.

We’ll also send you an email to notify you when your card has been declined for compliance reasons, as well as the options available to you to resolve this impasse.

So, what can you do next?

Once you’ve confirmed that the provider you’d chosen is in the way between you and your desired resource, there are a few options you could resort to succeed. These are their pros and cons, so you can decide which one is most convenient to you:

Course of action

Retry within 24h

Change Providers

Opt for Reimbursement


Possibility that the payment gets through

Higher chances of a smooth payment

Higher chances of a smooth payment


An increased number of soft declines over time

A new Sunlight request would have to be placed first

Period of ≤20 business days for reimbursement to be completed


Banks started to randomly decline 20% of non-compliant transactions, and will ramp up to 50% until they reach 100% if no changes are made on the provider’s end

Once a request is placed on Sunlight, you can only modify the cost of the resource

After successfully purchasing the resource with personal funds on the provider’s website, you can claim a reimbursement to our support team

Supporting two-factor authentication (2FA) in case of compliant providers

When using a Sunlight card, you’ll be prompted two different authentication factors to prove it’s really you making the purchase. Here’s how it will look like:

On the provider’s website, you’ll be firstly required to authenticate the transaction by a one-time password (OTP) that will be sent via SMS to the phone registered on your Sunlight profile.

You’ll next be required to authenticate via the ModirumID app for added security.

Here are the steps you’d need to follow:

  1. Download the ModirumID app from Google Play or Apple App Store.

  2. Register the card with the code shown in the pop-up message entitled Enroll your ModirumID.

  3. Set up a PIN code.

  4. Authenticate the payment on the app using your newfound PIN.

Once this is done, you’ll be able to use the same PIN to verify all of your purchases.

That’s all for now! We hope this information helps you navigate through the upcoming online payment changes with flying colors.

Have any questions or comments?

Please do not hesitate to contact our support team via our live chat or by emailing us at support@sunlight.is.

Did this answer your question?