Get ready for 3D Secure 2.0.
Payment authentication is changing. It’s time to get prepared.
3D Secure V1 will be fully retired in October 2022. Effective 15 October 2022, Visa, Mastercard and American Express will discontinue support of 3D Secure 1 and related technology. Any transaction sent for Authentication with this version will result in an error. It is important to update your integration to 3D Secure 2 (EMV® 3D Secure) now if you are currently on 3D Secure 1 as deadlines are quickly approaching.
3D Secure 2 Intro
On September 14th 2019, new requirements for authenticating online payments were rolled out in Europe as part of PSD2, or the second Payment Services Directive. As part of this, there is a new set of technical standards required for payment authentication known as Strong Customer Authentication (SCA), designed to help reduce fraud and increase security for end users. To comply with the new standards, EMV® Co devised an updated version of the 3D Secure protocol – 3D Secure 2 (also referred to as EMV® 3D Secure).
The PSD2 mandate is now fully in place across EEA (as of 1st January 2021) and UK (as of 14th March 2022) and is actively being enforced. Merchants would need to be compliant and use 3D Secure 2 or request an exemption in their payment flow, otherwise they risk potential fines. As 3D Secure 1 is being retired on 15th October 2022, any existing merchant payment integrations using this version need to migrate to using 3D Secure 2 or they risk seeing an impact to their business.
In North America, 3D Secure 2 is not mandated. However, merchants who are currently using 3D Secure 1 need to upgrade to 3D Secure 2 prior to 15th October 2022, to ensure that their transactions would not be impacted due to the 3D Secure 1 sunset.
Should you have any other enquiries, check our FAQs.
What You Need To Know
One of the most important changes to come with the introduction of PSD2 is the implementation of 3D Secure 2, a long-needed update to the 3D Secure payment processing system from EMVCo.
As the world of finance has developed, and the need for more robust security measures has increased, static password systems have become insecure and outdated.
The new version of 3D Secure enables mobile support, biometric validation, and streamlines the checkout experience for the customer, resulting in less cart abandonment and a better conversion rate for eCommerce businesses.
To help you with the process we’ve updated our Development Centre with an Introduction to 3D Secure 2.
Strong Customer Authentication (SCA)
In order to accept payments under the new European SCA requirements,
you need to ensure your customer can authenticate for a payment using two of the following:
Something They Know
A password, a PIN code, a security question.
Something They Have
A mobile phone or a hardware token.
Something They Are
A fingerprint or facial recognition.
3DS2 will allow you to process transactions using the above,handle exemptions from
SCA transactions in different business models, and work with more complex payment use cases.
What You Need To Do
Make sure you plan out your approach. If you are new or already using Paysafe, check your regional requirements below to understand how 3D Secure applies to you.
EEA and UK
Any new integrations should support 3D Secure 2 in EEA and UK. If you are currently using 3D Secure 1, now is the time to act, update your integrations as soon as possible to 3D Secure 2 ahead of October 2022.
If you do not currently support 3D Secure in your payment flow this may mean you are in breach of the PSD2 mandate. You must ensure your integration supports 3D Secure by 1st January 2021 for EU or by 14th March 2022 for UK, or your transactions may be declined with a Soft Decline.
Active monitoring and suspension of merchants who are not authenticating their customers or providing the relevant exemptions commenced on December 31st 2020 for EEA regional merchants and 14th March 2022 for UK based merchants.
Soft Declines, are increasing across all markets where payments from EEA and UK customers are not authenticated, with EEA & UK issuers ramping up their stand up processes for Strong Customer Authentication. Starting 1 August 2021, if you receive a Soft Decline, you must resubmit the transaction(s) for authentication using 3D Secure.
If you are in North America or anywhere else globally and you don’t have customers from EEA and UK, you are not required to use 3D Secure. However, if you expect to have customers from EEA and UK, you should consider implementing 3D Secure 2 as the PSD2 regulation still applies to those transactions and you may see increased declines.
If you use 3D Secure 1 as part of your payment flow, we recommend that you upgrade as soon as possible to 3D Secure 2 prior to October 2022, to ensure that your transactions would not be affected by the 3D Secure 1 sunset.
If you need more information or if you have any concerns, please get in touch with your Partner Manager, and read our post on 3DS 2 below.
Plug and Play
Easy set up and connection to a range of tailor made and customisable payment solutions
Dedicated technical and customer support, whenever you need it.
A Single API
One API giving you access everything, from payment acceptance to wallets and APMs.
3DS1 Sunset Timeline
April 2019 – Visa and Mastercard activate 3D Secure 2 in EU region. Require Issuers and Acquirers to support 3D Secure 2 in EU.
14th September 2020 – Visa are mandating for all EEA Card issuers to support 3DS2.1 by September 14, 2020
14th September 2020 – Visa are mandating for all EEA Card issuers to support 3DS2.2 by September 14, 2020
31st December 2020 – European Banking Authority announced SCA enforcement date as of the 31st December 2020. PSD2 SCA requirement will begin to be enforced in most EEA countries. Active supervision and monitoring will begin on non-compliant merchants.
October 2021 – Visa, Mastercard, American Express will no longer perform attempts stand-in for 3D Secure 1 and will only respond to participating issuers.
January 2022 – American Express will require the following countries to support EMV 3DS 2.1or higher: Australia, Bangladesh, Cambodia, Hong Kong, India, Indonesia, Macau, Malaysia, New Zealand, Philippines, Singapore, South Korea, Taiwan, Thailand, and Vietnam
14 March 2022 – FCA enforcement date in UK for SCA
April 2022 – Mastercard will no longer allow merchant enrollment in the Directory Server for 3D Secure 1.
15th October 2022 – Mastercard, Visa and American Express will discontinue supporting 3D Secure 1 for cardholder authentications. All merchants are required to process through 3DS2 flow.
Please visit our Developer Centre Now to find out more information on the technical solution.
Should you have any other enquiries, check our FAQs or please contact us.