Recent regulatory changes have had a significant impact on most payment processing (credit cards and bank transfers). The European Union revised a regulation known as the Payment Services Directive (PSD) with an updated version, PSD2.
Yet many merchants do not understand what PSD2 is all about, so we set out to explain how it affects Magento 2 merchants and payment gateways.
Meaning of 3D Secure:
3D Secure is a three-domain model that helps reduce fraud. It provides additional security for online credit and debit card transactions by adding one more authentication layer to customer purchases. The three domains are:
- Acquirer Domain — The merchant or acquirer where the credit/debit card details are entered
- Issuer Domain — The bank that issued the credit/debit card
- Interoperability Domain — The infrastructure that supports the 3D Secure protocol and the payment transaction. In most cases, the payment gateway represents the interoperability domain.
Various financial services offer their own implementation of 3D Secure: “Verified by Visa” from Visa, “Mastercard SecureCode” from Mastercard, “American Express SafeKey” from American Express, and “J/Secure” from JCB.
How Does It Work?
3D Secure uses XML messages, sent over an SSL connection, that carry cardholder authentication information. When you implement 3D Secure in your online store, the checkout shows a popup with a link redirecting to the bank’s page, or an iframe served by the issuing bank. The customer has to enter a password, SMS code, or one-time token in the popup.
The benefits of using 3D Secure 2.0 are:
- Frictionless Checkout Flow
- Non-Payment authentication
- Native Mobile Integration (support of in-app, mobile, digital wallet)
- Better performance for end-to-end message processing
- Prevention of unauthenticated payments, even if a cardholder’s card number is stolen or cloned
The key feature of 3DS 2.0 is analyzing the merchant’s contextual data and prompting customers to verify their identity only for high-risk transactions, which constitute less than 5 percent of all payment transactions. The contextual data may consist of first and last names, emails, billing addresses, and other related data, and it can be shared across payment providers to improve the analysis of transaction risk. Face and voice recognition are also part of current authentication mechanisms.
3D Secure and PSD2
Strong Customer Authentication (SCA) is the new authentication requirement introduced as part of the PSD2 directive. It was created to reduce fraud and improve security. To authenticate the payer, you will need at least two of the following factors:
- Password or PIN
- Phone or hardware token for authentication
- Fingerprint & face recognition
European banks have started declining payments that require SCA. Low-risk and low-value transactions may still be accepted, as may subsequent payments in a recurring subscription. There are some uncertainties about this regulation, especially its application to non-EU customers or EU customers buying outside the US. Therefore, we suggest all merchants update their payment integrations to support SCA regardless of their location.
What does this all mean for Magento merchants?
According to PSD2, the EU (including the UK) will have to implement SCA (Strong Customer Authentication). SCA has already come into effect for all European eCommerce transactions that fall under PSD2. Further, in October 2019, the 3DS 2.0 scheme will become mandatory for European online businesses, and later, in 2020, 3DS 2.0 will be launched worldwide.
Magento Payment Provider Recommendations
We have listed a few recommendations for the Magento native payment integrations that will ensure that customers’ payments do not get declined:
|Payment Provider|Magento Commerce 2.X|
|---|---|
|PayPal|Continue using the current Magento built-in integration, as the 3D Secure 2.0 payment flow changes are all handled by PayPal.|
|Authorize.net|Use the official extension (recommended) or the Magento integration in upcoming version 2.3.3+ or 2.2.10+ with 3D Secure. Authorize.net provides the ability, via the cardholder Authentication request field, to make 3D Secure verification via 3rd party services. Starting from the Magento 2.3.3 release, the Authorize.net AcceptJs integration will support 3DS 2.0.|
|CyberSource|CyberSource introduced the Payer Authentication API with 3D Secure 2.0 support for Secure Acceptance Hosted Checkout and Simple Order API.|
|eWay|Use the official extension.|
Get in touch with your payment provider to find out what their recommendations are for supporting the PSD2 SCA requirements.
Future versions of Magento will deprecate and phase out the core integrations in favor of official payment integrations in the marketplace, such as CyberSource, Authorize.net, eWay, and Worldpay. To provide the latest features through free official payment extensions, the official integrators will work closely with vendors around the world.