Learn about Strong Customer Authentication and what you need to do to be ready in our helpful guide here.
Looking for a quick and easy SCA guide to keep handy? Our SCA infographic can be found here.
Effortless authentication for faster checkout, improved security and increased conversions.
Strong Customer Authentication is quickly becoming the standard for online businesses. Now 3D Secure 2 brings Strong Customer Authentication to the payment card industry.
It's designed to secure all the new ways in which we pay online as well as meeting the new regulatory requirements such as PSD2 (Revised Payment Service Directive) that have been brought in to help protect consumers.
You can find more information here.
If you are using 3D Secure 1 this is still a fully compliant SCA solution.
If you are not currently using 3D Secure 1 you will need to begin doing so.
The schemes have confirmed that best practice going forward will be to support both 3DS1 and 3DS2.
The Strong Customer Authentication regulations are complex and are not a comfortable fit for the card-payments industry. The industry at large, including the card schemes, have struggled to adapt in time for the 14 March 2022 deadline date. The requirements of the Regulators was not made clear until Q1 2019 which had knock on effects throughout the eco-system. The inevitable impact of this is that despite best efforts, some of the required work will slip beyond the September time period.
If this is the case for you, as a customer of GP, we will be in contact regarding the proposed release date for your acquirer, and the good news here is that we have coverage of 3DS1 across almost all of our acquirer connections to date which will ensure merchant impact is kept to a minimum.
The payment card industry as a whole expects these new European regulations to have a knock-on effect that may, at least initially, negatively effect transaction success. With that in mind, when everything is implemented correctly this impact should be minimised. Please note if you do not make these changes you will start to experience ‘soft declines’ from early 2021.
If you experience an increase in Declines the first thing to do is to contact your account manager. They will be able to work with you to ensure that there are no issues with your connection to Global Payments and that your transactions are being flagged correctly. If necessary your account manager can follow up with your acquirer if there is something that needs investigating further downstream. Additionally they will help identify if the issues are isolated to a particular Issuer, BIN or Card Scheme for example and will work with you to identify the best course of action to resolve any issues.
General Questions
SCA requires a customer to authenticate themselves for a transaction using at least two independent factors. These factors can be:
• Something the customer knows (for example, a PIN number or password)
• Something the customer is (biometrics, such as a finger print or voice recognition)
• Something the customer is in possession of (for example, a card or a mobile phone)
For ecommerce transactions, 3D Secure (3DS) version 1 meets the basic criteria to support SCA but 3DS version 2 has more functionality allowing it to provide a better SCA experience.
The expectation is that for Ecommerce, the cardholder will receive a one-time password, either by text or email, which they’ll input into the 3DS window instead of the static password used today.
For most face to face transactions, chip and PIN will continue to operate the same as it does today, although Contactless transactions may step up to chip and PIN validation more often, at the request of the card issuer.
Under PSD2, card issuers are obliged to challenge and potentially decline non SCA transactions to protect their cardholders. All merchants will be effected.
After 14 March 2022, a card issuer has the choice to approve, decline or request SCA (if it hasn’t been done already) for a transaction. Please note if you do not make these changes you will start to experience ‘soft declines’ from early 2021.
Implementation Questions - Face to Face Transactions
Today some card issuers have counters on the card chip that request ‘step up’ to chip and PIN. The request happens the moment the card is tapped and it doesn’t happen very often.
From 14 March 2022, it’ll be required for all card issuers to do this and they’ll do it from their issuing systems (so there may be a short delay before you get the message). The rules about when they are obliged to request SCA are quite stringent and it’s likely to happen more often than before.
Implementation Questions - MOTO and Merchant Initiated Transactions
Implementation Questions - Ecommerce Transactions
The technical specifications for SCA are in our PSD2 and Strong Customer Authentication Technical Implementation Guide, which is on our website in the Customer Centre, under the Strong Customer Authentication tile.
If they also need to implement the changes for Credential on File, these technical specifications are in our Stored Credential - Technical Implementation Guide, which is also in the Customer Centre, under the Stored Credential Transactions tile.
Technical Changes
If you are using 3DSV.1 this remains fully compliant. However, this will not support the ability to utilise exceptions and this may mean an issuer can’t apply all checks on the cardholder.
If you are not currently using 3D Secure 1 you will need to begin doing so.
The schemes have confirmed that best practice going forward will be to support both 3DS1 and 3DS2.
Fee Changes
Help with card terminals, stationery,
Ecommerce Portal, chargebacks, security metrics, pricing, invoicing.
Phone +44 (0) 345 702 3344 *
9am - 6pm, Mon - Fri exc. public holidays.
For help with payment gateway call us on:
UK +44 (0) 203 026 9659
Ireland +353 (0)1 702 2000
Regular support lines: 8:30am - 6pm, Mon - Fri.
Call us 24/7 for emergency support.