From September 2019, most e-commerce payments will have to undergo changes in order to comply with a new Strong Customer Authentication (SCA) requirement. To enforce this a new authentication protocol is being introduced by the Card Schemes (Mastercard, Visa, etc.) called 3D Secure 2 (3DS v2).

In a nutshell, payment providers such as Global Payments, Stripe, SagePay, Barclaycard will be supporting the 3DS v2 protocol by introducing extra checks to ensure compliance with the SCA requirement. Having 3D secure functionality enabled on your website helps to remove some of the risks for the retailer and shift some of the responsibility onto issuing banks.

What does this mean for websites with bespoke payment systems?

If your website handles payments online and the website does not redirect to merchant website - then your payment gateway is 'directly integrated' and you have a HPP (Hosted Payment Page). A HPP makes the customer journey seamless, but after August 2019 additional fields need to be sent to the payment merchant via a HPP POST (a technical term for sending data as soon as a submit button is pressed). The extra details include information such as the customer's telephone number, location, email address as well as the postcode and door number, CVV number etc to ensure businesses are compliant with the regulation. Without making these changes it may affect your ability to process successful transactions.

If you have an eCommerce website and you take payments via a Hosted Payment Page please contact us as we may need to make some technical changes before the deadline.