If you are using 3D Secure 1 this is still a fully compliant SCA solution.
If you are not currently using 3D Secure 1 you will need to begin doing so.
The schemes have confirmed that best practice going forward will be to support both 3DS1 and 3DS2.
The Strong Customer Authentication regulations are complex and are not a comfortable fit for the card-payments industry. The industry at large, including the card schemes, have struggled to adapt in time for the September 14 deadline date. The requirements of the Regulators was not made clear until Q1 2019 which had knock on effects throughout the eco-system. The inevitable impact of this is that despite best efforts, some of the required work will slip beyond the September time period.
If this is the case for you, as a customer of GP, we will be in contact regarding the proposed release date for your acquirer, and the good news here is that we have coverage of 3DS1 across almost all of our acquirer connections to date which will ensure merchant impact is kept to a minimum.
The payment card industry as a whole expects these new European regulations to have a knock-on effect that may, at least initially, negatively effect transaction success. With that in mind, when everything is implemented correctly this impact should be minimised.
If you experience an increase in Declines the first thing to do is to contact your account manager. They will be able to work with you to ensure that there are no issues with your connection to Global Payments and that your transactions are being flagged correctly. If necessary your account manager can follow up with your acquirer if there is something that needs investigating further downstream. Additionally they will help identify if the issues are isolated to a particular Issuer, BIN or Card Scheme for example and will work with you to identify the best course of action to resolve any issues.
General Questions
SCA requires a customer to authenticate themselves for a transaction using at least two independent factors. These factors can be:
• Something the customer knows (for example, a PIN number or password)
|
• Something the customer is (biometrics, such as a finger print or voice recognition)
• Something the customer is in possession of (for example, a card or a mobile phone)
For ecommerce transactions, 3D Secure (3DS) version 1 meets the basic criteria to support SCA but 3DS version 2 has more functionality allowing it to provide a better SCA experience.
The expectation is that for Ecommerce, the cardholder will receive a one-time password, either by text or email, which they’ll input into the 3DS window instead of the static password used today.
For most face to face transactions, chip and PIN will continue to operate the same as it does today, although Contactless transactions may step up to chip and PIN validation more often, at the request of the card issuer.
Under PSD2, card issuers are obliged to challenge and potentially decline non SCA transactions to protect their cardholders. All merchants will be effected.
After 14 September 2019, a card issuer has the choice to approve, decline or request SCA (if it hasn’t been done already) for a transaction.
Implementation Questions - Face to Face Transactions
Today some card issuers have counters on the card chip that request ‘step up’ to chip and PIN. The request happens the moment the card is tapped and it doesn’t happen very often.
From September, it’ll be required for all card issuers to do this and they’ll do it from their issuing systems (so there may be a short delay before you get the message). The rules about when they are obliged to request SCA are quite stringent and it’s likely to happen more often than before.
Implementation Questions - MOTO and Merchant Initiated Transactions
Implementation Questions - Ecommerce Transactions
The technical specifications for SCA are in our PSD2 and Strong Customer Authentication Technical Implementation Guide, which is on our website in the Customer Centre, under the Strong Customer Authentication tile.
If they also need to implement the changes for Credential on File, these technical specifications are in our Stored Credential - Technical Implementation Guide, which is also in the Customer Centre, under the Stored Credential Transactions tile.
Technical Changes
If you are using 3D Secure 1 this is still a fully compliant SCA solution.
If you are not currently using 3D Secure 1 you will need to begin doing so.
The schemes have confirmed that best practice going forward will be to support both 3DS1 and 3DS2.
Fee Changes
Help with card terminals, stationery,
Ecommerce Portal, chargebacks, security metrics, pricing, invoicing.
Phone +44 (0) 345 702 3344 *
9am - 6pm, Mon - Fri exc. public holidays.
For help with payment gateway call us on:
UK +44 (0) 203 026 9659
Ireland +353 (0)1 702 2000
Regular support lines: 8:30am - 6pm, Mon - Fri.
Call us 24/7 for emergency support.