One-off payments without saving card details
Customers are charged while they’re on-session, without saving card details for future payments. One-off payments are made by customers who do not wish/need save card details or register. For example: Payments for goods and services.
What is Best Practice for SCA for me?
The purpose of SCA is to ensure that only the legitimate cardholder can make payments. The approach to achieving this follows two principals:
- Collecting good quality information to establish that the Cardholder is the person making the payment.
- Using Strong Authentication (e.g. 2 Factor Authentication) where necessary to verify the cardholder.
As such, best practice for you means using 3DS2 to give the Issuer of the card good quality information and facilitating the challenge for 2 factor authentication when requested.
In the case of ECOM payments, our advice is to use 3DS2, a fully SCA compliant authentication tool, for every transaction. By doing so, you give the Issuer the maximum amount of information possible. The Issuer then can decide to approve the transaction (frictionless) or to challenge the cardholder with SCA, for example a One Time Password sent by SMS to their phone.
Where authentication via 3DS2 is not available, we recommend using 3DS1.
Can I use Exemptions, to avoid challenging my customer?
For a transaction meeting certain criteria, for example a low value transaction, there are two potential ways an exemption may be applied.
- An Issuer, based on the good quality information you supply, and exemption criteria being met (in this example the low value), may apply an Issuer exemption and allow the transaction to flow through without a challenge (frictionless).
- Your Acquirer, based on a request by you, may request an exemption (in this case the low value exemption) to bypass SCA. If the Issuer accepts the request for the Acquirer exemption, there will be no challenge to the cardholder (frictionless). If the Issuer declines, the transaction will have to be processed again using 3DS2.
Which solution do you use?
If you need help identifying your integration type please contact us.
-
HPP
-
API
I take payments online via our website, which is integrated to GP ecom via HPP, what do I need to do?
Make a change to your HPP integration to ensure all of your transactions are processed with SCA.The purpose of these changes is to supply the Issuer with all the information they may need in order to verify the cardholder. HPP will automatically facilitate a challenge to the cardholder if required.HPP 3DS2 documentation is available here: 3D Secure - Version 2 (SCA)
HPP can support both 3DS2 and 3DS1 simultaneously and should 3DS2 be unavailable, HPP will dynamically route transactions through 3DS1, vastly reducing the complexity of implementing this service.
I take payments online via our website, which is integrated to GP ecom via API, what do I need to do?
Integrate into our new 3DS2 service to ensure all of your transactions are processed with SCA. The purpose of 3DS2 is to supply the Issuer with all the information they may need in order to verify the cardholder, and facilitate a challenge to the cardholder if required.
API 3DS2 documentation is available here. Where 3DS2 is unavailable 3DS1 should be used. The API 3DS1 documentation is available here.
What should I expect from 14 March 2022?
Where ECOM transactions are processed without 3DS there is likely to be an increased decline rate.
We are advising our merchants using 3DS2 to expect an increase in challenges to their customers (when compared to 3DS1) for a time as the new services are rolled out. Over time, we believe that the Issuers should gradually reduce the number of challenges to customers, making the process more seamless.
Who is Liable in the event of a dispute?
Liability for fraud related chargebacks, passes to the card Issuer when an SCA challenge occurs.
Where the Issuer decides to approve the transaction either frictionlessly with an Issuer exemption, or with a challenge, the Issuer is accepting liability. This means any fraud related chargebacks should not be billed to you.
What if I requested an Exemption?
If a transaction is processed frictionlessly following a request by you for an Acquirer exemption to 3DS2, you should note that you are accepting liability for the transaction. This means any fraud related chargebacks which occur on exempt transactions will likely be billed to you.