This article aims to support integrators in deciding which alterations have to be made in order to comply with PSD2.
Basic facts about PSD2
For a somewhat comprehensive overview, please refer to this article at bundesbank.de: https://www.bundesbank.de/en/tasks/payment-systems/psd2/psd2-775954
One part of PSD2 is SCA (strong customer authentication), which is what most of this page will be about.
Affected Payment Methods
To comply with the SCA requirement, credit cards will implement 3-D Secure 2.0.
The required changes are outlined here at Amazon: https://developer.amazon.com/de/docs/eu/amazon-pay-onetime/sca-upgrade.html
SEPA Direct Debit
Direct Debits will not be affected by SCA according to this Q&A by the EBA.
Changes to Our API
Some payment methods require changes to the way they are implemented
Credit Card Integrations
Keeping Transactions Frictionless
3DS 2.0 requires far more information about an order to be eligible for an exemption of the 3DS customer authentication challenge. If you want to make sure credit card payments stay as frictionless as possible after PSD2 comes into effect, please refer to our collection of additional parameters: Required vs. optional parameters for 3DS2
The more data that is provided, the greater the possibility of exemption on the part of the acquirer or issuer to circumvent the input of the 3-D Secure credentials.
If you don't currently use 3-D Secure 1.0, please make sure that your system is at least able to process 3DS 1.0 transactions and activate 3DS in your merchant backend. Transactions that don't use any form of 3DS will likely be declined starting mid-September 2019!
Fore more Information, please refer to this chapter of our Special Remarks for 3DS: https://docs.payone.com/display/public/PLATFORM/Special+remarks+-+3-D+Secure - we strongly advise you read through this page to get a grip on the challenge process.
This request is technically valid and sends all info required by the EMVCo Spec, but will very likely lead to a redirect including a challenge by the issuer. The customer would then have to provide more personal info and complete the issuer's challenge for SCA via an app or other second factor.
A word on shipping address and phone numbers:
The EMVCo Spec declares these parameters as “Required unless market or regional mandate restricts sending this information” or “Required (if available) unless market or regional mandate restricts sending this information”. Since no EU country explicitly restricts sending these parameters, they're technically required. However, the Schemes have clarified “ACSs must not decline EMV 3DS messages when one or more of these conditional fields are absent.”
This means that shipping address and phone numbers are, in fact, required by the EMVCo Spec. The PAYONE Platform won't however decline the processing of credit card requests without these parameters. Please note that these parameters have a high influence on the internal risk assessment of the issuers though.
This request contains more info on the order as well as additional parameters and will likely apply for an exemption by the issuer (as long as no other risk assessment raises red flags)
Amazon Pay Integrations
Amazon implemented a new step in their payment flow. This "confirm order" step is documented here: https://docs.payone.com/display/public/PLATFORM/Special+remarks+-+Amazon+Pay#Specialremarks-AmazonPay-Confirmorder(newwithPSD2)
- No labels