Ecommerce facing 3DS2 hurdles

Implementing 3D Secure 2 (3DS2) – a cornerstone of the strong customer authentication (SCA) rules outlined in Europe’s second payments directive – represents a complex challenge for ecommerce firms and payment service providers, says JP Morgan’s executive director of product solutions, Brian Gaynor. 3DS2 is an online payment authentication mechanism, and version 2.2 includes explicit …

by | October 21, 2019 | bobsguide

Implementing 3D Secure 2 (3DS2) – a cornerstone of the strong customer authentication (SCA) rules outlined in Europe’s second payments directive – represents a complex challenge for ecommerce firms and payment service providers, says JP Morgan’s executive director of product solutions, Brian Gaynor.

3DS2 is an online payment authentication mechanism, and version 2.2 includes explicit exemption flags. Exemptions can be applied on low risk transactions, payments under €30, or fixed amount subscriptions.

“From the current perspective we now have the products available to do SCA and they’ve launched in market, but the 3D Secure version 2.2, which is the one that fully supports the exemptions from SCA, is not ready yet.”

Visa recently announced its specifications for 3DS2 in April, and Gaynor predicts it will take a while before market participants make relevant changes to support the exemptions.

The European Banking Authority (EBA) published an opinion on October 16 presenting a new deadline for the migration to SCA for all ecommerce card transactions under PSD2. The opinion followed the voiding of the previous deadline, September 14, 2019, due to calls for a longer integration period from several market participants. The new deadline is December 31, 2020.

In a letter to the EBA dated September 13, the European Banking Federation, Visa, Mastercard, and others requested an additional timeframe of 18 months for full SCA implementation. Gaynor suggest market participants will be working to a tighter deadline.

“I can see that potentially products might only fully be available for merchants to start integrating 3DS 2.2 come quarter two or three,” he says. “And with the deadline being at the end of December, that’s peak period for online shopping … generally ecommerce merchants don’t put any changes to their platforms in the fourth quarter – they’re in blackout.”

“What we’re going to be saying to our merchants is that they need to code for the new specs now, get it done, and don’t be waiting for the exemption software to be available, because it may just be too late and there isn’t enough time to do it,” says Gaynor.

For Ralf Gladis, CEO at global payment service provider (PSP) Computop, SCA exemptions are an important factor in providing comfortable customer checkout experiences.

“Computop offered a full 3DS2.0 compliant API for retailers to connect even before September 14. But when the prolongation of PSD2, in the case of online card payments, came up, we recommended our customers not to switch to 3DS2 too early as many acquirers might not be ready, especially with regards to the exemptions which are mostly part of the 3DS 2.2 protocol,” said Gladis, in an email.

Holding off on implementation of certain SCA protocol has been one result of PSD2, which the EBA hopes to counter by enforcing constant communication between PSPs and national competent authorities (NCAs). Under the new EBA opinion, NCAs will be held accountable for collecting data on the types of transactions that are being registered. Previously, PSPs and merchants have feared that implementing SCA, especially without 3DS 2.2, would turn ecommerce customers away from making purchases.

“If we were to turn around to a regulator next March when the first submission is due and say, ‘No look: although we have the product ready and our merchants have it ready, we decided not to turn it on,’ I don’t think that they would look on that favourably,” says Gaynor.

He says there is little incentive to hold off on SCA with the new deadline, and that those who already have their SCA and 3DS 2.1 in place will be at an advantage.

Duncan Barrigan, chief product officer at PSP GoCardless said in an email: 

“The EBA has reapplied the pressure for rapid migration to SCA. The industry was granted a much-needed extension, but the last few weeks were never a time to sit back and relax. Merchants, PSPs and all players in the payments ecosystem will now have to continue working and show demonstrable evidence of their migration plans to meet the deadline.”

“The clock is still ticking and, to stay out of the EBA's firing line, businesses need to shape up for SCA.”

Resources

Cybersecurity for the Next Generation of Branch Banking

White Paper | Banking Cybersecurity for the Next Generation of Branch Banking

Auriga

Cybersecurity for the Next Generation of Branch Banking

Digitalization and cybersecurity are two concepts that go hand in hand. With the progressive transfer of financial services to the… Continue Reading

View resource
Automated cloud landing zones delivered at pace

Case Study | Banking Automated cloud landing zones delivered at pace

GFT

Automated cloud landing zones delivered at pace

Committed to the cloud but need a bullet-proof business roadmap and help in getting started? Looking to deploy cloud landing… Continue Reading

View resource
Welcome to the Spring 2021 Issue of Path Bulletin!

Other | Islamic finance Welcome to the Spring 2021 Issue of Path Bulletin!

Path Solutions

Welcome to the Spring 2021 Issue of Path Bulletin!

Don’t miss it! Our Bulletin Spring 2021 issue is out now! Take a look at our company news and updates. Continue Reading

View resource
Tech-based capital market transformation since 1999 - Interview with CEO Peter Schurau

Tech-based capital market transformation since 1999 - Interview with CEO Peter Schurau

Lucht Probst Associates GmbH

Tech-based capital market transformation since 1999 - Interview with CEO Peter Schurau

View resource