3-D Secure 2.1

If you operate in Europe and accept online card payments, you will soon need to implement 3-D Secure 2.1. This is in line with the PDS2 mandate for strong customer authentication. Over the coming months, Trust Payments will be supporting our customers to comply with the mandate by rolling out an upgrade in time for 31 December 2020.
You need to ensure that the additional authentication is built into your checkout flow and that you have sufficiently tested.

For our gateway customers, the actions you need to take vary depending on your integration:

Hosted Payment page (HPP). You do not need to do anything. We will enable 3DS 2.1 for you.
Custom HPP. We advise you to check with your test site that the new 3-D Secure flow works for your payment flow. Please let us know once you have tested it, and we will enable it on your production account.
API, JavaScript, Webserver and STAPI. To support 3DS 2.1 you will need to review the current integration you have with your developer/software provider and choose one of the three paths below:
Update to the latest JS Library;
Move to our HPP and let us handle the payment page; or
Use your own MPI

3DS v1 minimum is already required by the card schemes (Visa, Mastercard, Amex, Discover/Diners) for e-commerce transactions. You’ll need to be up and running on the new version 3-D Secure 2.1 – by 31 December 2020 so we can make sure you’ll be compliant with EU laws and avoid card declines.
You could choose one of the following paths:

1. JS Library (preferred)
The JS Library solution can be introduced into your existing API based system to connect through to our new 3-D Secure system.

2. Move to our HPP and let us handle the payment page
Our hosted payment solution is fully integrated with 3-D Secure version 2.1 and could be a viable alternative if you wish to move away from an API based solution.

3. Your own MPI
If using your own or a third party MPI, instructions can be found here.

3-D Secure is a security protocol provided by credit card schemes (Visa, Mastercard, Amex, Discover/Diners). During a 3-D Secure transaction, your customer is redirected to a site controlled by the issuing bank to answer additional security questions (usually a unique password or SMS verification). This reduces the chance of a fraudulent transaction occurring.

The latest version, 3DS 2.1, was developed to provide an enhanced method of authentication which meets the requirements for the European Revised Directive on Payment Services (PDS2). This directive requires that the consumer provides information from at least two of the three categories below:​

​Knowledge – something you know (PIN, Passcode, Memorable information).
Possession – something you have (Mobile Phone, Tablet, Key fob).
Inherence – something you are (Fingerprint, Voice, Facial Scan).

The Revised Directive on Payment Services (PSD2) is a set of laws and regulations for payment services in the EU and EEA. These were defined in response to several factors including:

An increase in online fraud by 66% between 2011 and 2016.
The rise of the API economy, making systems easier to talk to each other with a huge impact on banking.
New payment business models – since PSD1 there has been grown in digital payments and a lot of new fintech businesses – some fully regulated and others less so. PSD2 provides standards and structure to allow these companies to access customer bank accounts.

Strong Customer Authentication is a requirement of the EU Revised Directive on Payment Services (PSD2). This mandate requires that electronic commerce payments are performed with multi-factor authentication to increase security of the transactions and help prevent fraudulent use of payment cards.
If you try taking a payment from a card which was issued and acquired in the EEA without 3-D Secure authentication on or after 31 December, issuers may decline those transactions.
If you have a test account, you can test from 21 October 2020. The test credentials you need to complete testing can be found here. If you do not have a test account and would like one, please ask your account manager.

Want to learn more and find out how we can grow your business?

Get started