- Created by PAYONE Admin, last modified on 2020-11-25
This article aims to support integrators in deciding which alterations have to be made in order to comply with PSD2.
Basic facts about PSD2
For a somewhat comprehensive overview, please refer to this article at bundesbank.de: https://www.bundesbank.de/en/tasks/payment-systems/psd2/psd2-775954
One part of PSD2 is SCA (strong customer authentication), which is what most of this page will be about.
Affected Payment Methods
Credit Cards
To comply with the SCA requirement, credit cards will implement 3-D Secure 2.0.
Amazon Pay
The required changes are outlined here at Amazon: https://developer.amazon.com/de/docs/eu/amazon-pay-onetime/sca-upgrade.html
SEPA Direct Debit
Direct Debits will not be affected by SCA according to this Q&A by the EBA.
Changes to Our API
Some payment methods require changes to the way they are implemented
Credit Card Integrations
Keeping Transactions Frictionless
3DS 2.0 requires far more information about an order to be eligible for an exemption of the 3DS customer authentication challenge. If you want to make sure credit card payments stay as frictionless as possible after PSD2 comes into effect, please refer to our collection of additional parameters: Required vs. optional parameters for 3DS2
The more data that is provided, the greater the possibility of exemption on the part of the acquirer or issuer to circumvent the input of the 3-D Secure credentials.
If you don't currently use 3-D Secure 1.0, please make sure that your system is at least able to process 3DS 1.0 transactions and activate 3DS in your merchant backend. Transactions that don't use any form of 3DS will likely be declined starting mid-September 2019!
Fore more Information, please refer to this chapter of our Special Remarks for 3DS: https://docs.payone.com/display/public/PLATFORM/Special+remarks+-+3-D+Secure - we strongly advise you read through this page to get a grip on the challenge process.
Example Request
This request is technically valid and sends all info required by the EMVCo Spec, but will very likely lead to a redirect including a challenge by the issuer. The customer would then have to provide more personal info and complete the issuer's challenge for SCA via an app or other second factor.
aid=12345 (your aid) amount=2500 api_version=3.11 backurl=https://example.com/back clearingtype=cc city=Kiel country=DE currency=EUR email=shopper@example.com encoding=UTF-8 errorurl=https://example.com/error key=3adxxxxxxxxxxxxxxxxxxxxxxxx1cb9e (your portal key as md5) lastname=Payer mid=12345 (your mid) mode=test portalid=1234567 (your portalid) pseudocardpan=9410010000164968406 (tokenized card data) reference=565473895081303 request=authorization street=Fraunhoferstr. 2 - 4 successurl=https://example.com/success zip=24118
A word on shipping address and phone numbers:
The EMVCo Spec declares these parameters as “Required unless market or regional mandate restricts sending this information” or “Required (if available) unless market or regional mandate restricts sending this information”. Since no EU country explicitly restricts sending these parameters, they're technically required. However, the Schemes have clarified “ACSs must not decline EMV 3DS messages when one or more of these conditional fields are absent.”
This means that shipping address and phone numbers are, in fact, required by the EMVCo Spec. The PAYONE Platform won't however decline the processing of credit card requests without these parameters. Please note that these parameters have a high influence on the internal risk assessment of the issuers though.
This request contains more info on the order as well as additional parameters and will likely apply for an exemption by the issuer (as long as no other risk assessment raises red flags)
aid=12345 (your aid) amount=2500 api_version=3.11 backurl=https://example.com/back city=Kiel clearingtype=cc country=DE currency=EUR de[1]=description article 1 email=shopper@example.com encoding=UTF-8 errorurl=https://example.com/error firstname=Paul id[1]=artNum_0001 birthday=19870210 ip=192.168.0.1 it[1]=goods key=3adxxxxxxxxxxxxxxxxxxxxxxxx1cb9e (your portal key as md5) language=de lastname=Payer mid=12345 (your mid) mode=test narrative_text=frictionless please no[1]=1 portalid=1234567 (your portalid) pr[1]=2500 pseudocardpan=9410010000164968406 (tokenized card data) reference=206486578761802 request=authorization street=Fraunhoferstr. 2 - 4 successurl=https://example.com/success telephonenumber=043125968200 va[1]=1900 zip=24118 threedspolicy_skip_three_ds=thisTransaction threedspolicy_exemption_reason=lowValue merchantriskindicator_delivery_email=shopper@example.com merchantriskindicator_delivery_time_frame=electronicDelivery merchantriskindicator_pre_order_date=20200817 merchantriskindicator_pre_order_purchase_indicator=true merchantriskindicator_reorder_items_indicator=false merchantriskindicator_shipping_address_indicator=shipToBillingAddress cardholder=Paul Payer browserinfo_accept_headers=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 browserinfo_java_enabled=false browserinfo_java_script_enabled=true browserinfo_language=de-DE-1901 browserinfo_color_depth=24 browserinfo_screen_height=2160 browserinfo_screen_width=3840 browserinfo_time_zone_offset=60 browserinfo_user_agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0 accountinfo_account_identifier=shopper@example.com accountinfo_authentication_method=merchantCredentials accountinfo_authentication_timestamp=2020-06-25T12:45:13+00:00 accountinfo_account_age_indicator=from30To60Days accountinfo_account_change_date=20200625 accountinfo_account_change_indicator=thisTransaction accountinfo_account_creation_date=20200501 accountinfo_password_change_date=20200501 accountinfo_password_change_date_indicator=thisTransaction accountinfo_nbr_of_purchases=3 accountinfo_add_card_attempts_day=0 accountinfo_nbr_transactions_day=1 accountinfo_nbr_transactions_year=3 accountinfo_payment_account_age=20200625 accountinfo_payment_account_age_indicator=from30To60Days accountinfo_ship_address_usage_date=20200501 accountinfo_ship_address_usage_indicator=from30To60Days accountinfo_suspicious_acc_activity=false
Amazon Pay Integrations
Amazon implemented a new step in their payment flow. This "confirm order" step is documented here: https://docs.payone.com/display/public/PLATFORM/Special+remarks+-+Amazon+Pay#Specialremarks-AmazonPay-Confirmorder(newwithPSD2)
add_paydata[action]=confirmorderreference add_paydata[reference]=reference5678 add_paydata[amazon_reference_id]=referenceid1234 aid=12345 (your aid) mid=23456 (your mid) portalid=12345123 (your portalid) key=abcdefghijklmn123456789 (your key) amount=6413 api_version=3.10 clearingtype=wlt currency=EUR encoding=UTF-8 mode=test request=genericpayment successurl=hhtp://www.your-success.url errorurl=hhtp://www.your-error.url wallettype=AMZ workorderid= WORKORDERID12345
status=OK workorderid= WORKORDERID12345
- No labels