The rules around authenticating your customers’ online transactions are changing in September 2019.
As explained in more depth in our previous post on 3D Secure, PSD2 & SCA, 3D Secure 2.0 is being introduced to make the process of authenticating your customers more secure and hopefully for most of them, smoother than 3D Secure 1.0.
We have a breakdown of everything you need to know:-
September 14th, 2019
On September 14th 2019, new rules come into force for any transaction conducted where both the issuing bank (e.g. your credit card issuer) and the merchant acquirer (i.e. the customers bank provider) are based in the EEA (European Economic Area). All such transactions have to be Strongly Authenticated by at least two of three possible factors:
It is expected that this will become mandatory worldwide by the end of 2020.
3D Secure 2.0
3D Secure 2.0 has been devised as a way to meet the requirements of Strong Customer Authentication (SCA).
This will apply to every offline & online transaction, with a few notable exceptions:
The UK is the second largest global market in terms of percentage of total eCommerce order value conducted on mobile devices behind China.
There was around £506 million worth of “card not present” fraud conducted in the UK in 2018 and this had increased 24% from 2017.
3D Secure 2.0 will eventually replace 3D Secure 1.0
This won’t be until later in 2021 and so both will need to work together as it’s expected only 70% of card issuers will be ready for 3D Secure 2.0 by 14th September.
On each transaction that needs to be passed through SCA, the systems involved will attempt 3D Secure 2.0 first, falling back to 3D Secure 1.0 if that’s not available.
If neither are available, the customer will probably have the transaction rejected by their bank.
Mastercard SecureCode is being re-branded as Mastercard Identify Check.
Some of you may have already seen this through some of your own transactions.
Adyen will be rolling out test versions of their support for 3DS2.0 in April, SagePay will be doing this in June.
Every website will need to update their payment method extensions in order that they can handle the new 3DS2.0 workflow.
This is unless they use a hosted payment function, like PayPal, where PayPal will then handle this bit.
SagePay are rolling out support for Apple Pay & Amazon Pay through their SERVER and FORM payment methods in Q4 2019.
SagePay are rolling out a “pay by link” feature in Q3 2019 where you’ll be able to send someone a payment request, like you can do with PayPal.
More details about the exact rollout of 3DS2.0 by SagePay and all other payment gateways will be coming in the next few months.
For the latest information about the support for 3D Secure 2.0 across our payment provider partners, please see our summary page here.