3DS 2 Intro
On September 14th 2019, new requirements for authenticating online payments were rolled out in Europe as part of PSD2, or the second Payment Services Directive. As part of this, there is a new set of technical standards required for payment authentication known as Strong Customer Authentication (SCA), designed to help reduce fraud and increase security for end users.
The PSD2 mandate is now fully in place across the EEA and the UK will be enforced starting 14th March 2022.
What You Need To Know
One of the most important changes to come with the introduction of PSD2 is the implementation of 3D Secure 2.0, a mandatory update to the 3D Secure payment processing system from EMVCo.
As the world of finance has developed, and the need for more robust security measures has increased, static password systems have become insecure and outdated.
The new version of 3D Secure enables mobile support, biometric validation, and streamlines the checkout experience for the customer, resulting in less cart abandonment and a better conversion rate for eCommerce businesses.
To help you with the process we’ve updated our Development Centre with an Introduction to 3D Secure 2.0.
Visit the Development Centre
Strong Customer Authentication (SCA)
In order to accept payments under the new European SCA requirements,
you need to ensure your customer can authenticate for a payment using two of the following:
Something They Know
A password, a PIN code, a security question.
Something They Have
A mobile phone or a hardware token.
Something They Are
A fingerprint or facial recognition.
3DS2 will allow you to process transactions using the above,handle exemptions from
SCA transactions in different business models, and work with more complex payment use cases.
What You Need To Do
The EU regulators are implementing a phase-in approach for 3DS2 over an 18 month period. The PSD2 mandate started on the 14th of September so, to avoid an increase in declines, we ask all merchants to implement 3DS 2 as soon as possible.
Make sure you plan out your 3DS 2 solution by 14th March 2020, ensuring that your software is updated, specifically for the financial authorities of the EU regions in your market. This means that you must update your integration to support 3DS 2 by 14th March 2020, or your new merchant applications may be declined.
Active monitoring and suspension of merchants who have not yet updated to 3DS 2 will begin on December 31st 2020 for EEA regional merchants and will commence from 14th March 2022 for UK based merchants.
Soft declines, are increasing across all markets, with issuers ramping up their stand up processes for Strong Customer Authentication. Starting 1 August 2021, if you receive a soft decline, you must resubmit the transaction(s) using 3DS 2.0.
If you need more information or if you have any concerns, please get in touch with your Partner Manager, and read our post on 3DS 2 below.
From 1st February 2020, we expect issuers will begin to enforce transactions using risk-based authentication and one-time passwords (OTP)
14th March 2020 - “Visa are Mandating for all EEA Card issuers to support 3DS2 by March 14, 2020 so we highly recommend that you have your 3DS2 Technology in place to start Strong Customer Authentication”
31st December 2020 - “European Banking Authority announced SCA enforcement date as of the 31st December 2020. Countries across the EEA are generally expected to follow this new timeline”
3DS 2.2 mandate needs to be implemented by 31st December 2020
Active supervision and monitoring will begin on 31st December 2020
14 March 2022 – FCA expected enforcement date for the UK for SCA
Should you have any other enquiries, check our FAQs or please contact us.
Paysafe – London
UK: 0800 294 1404INT: +44 (0) 118 928 5075
Plug and Play
Easy set up and connection to a range of tailor made and customisable payment solutions
Dedicated technical and customer support, whenever you need it.
A Single API
One API giving you access everything, from payment acceptance to wallets and APMs.