3D Secure 2.0

From September 2019, most e-commerce payments must change to comply with a new Strong Customer Authentication (SCA) requirement. The Card Schemes (Mastercard, Visa, etc.) introduced a new authentication protocol called 3D Secure 2 (3DS v2) to enforce this.

In a nutshell, payment providers such as Global Payments, Stripe, SagePay, and Barclaycard will support the 3DS v2 protocol by introducing extra checks to ensure compliance with the SCA requirement. Having 3D secure functionality enabled on your website helps to remove some of the risks for the retailer and shift some of the responsibility onto issuing banks.

What does this mean for websites with bespoke payment systems?

If your website handles payments online and does not redirect to the merchant website, your payment gateway is 'directly integrated', and you have an HPP (Hosted Payment Page). An HPP makes the customer journey seamless, but after August 2019, additional fields must be sent to the payment merchant via an HPP POST (a technical term for transmitting data as soon as a submit button is pressed). The extra details include information such as the customer's telephone number, location, email address, postcode and door number, CVV number etc, to ensure businesses comply with the regulation. Without making these changes, it may affect your ability to process successful transactions.

If you have an eCommerce website and take payments via a Hosted Payment Page, please contact us, as we may need to make some technical changes before the deadline.